Information Security Risk Officer

Mid-sized

• Facilitate the continued improvement in information security risk management and culture across the firm, through continual refinement and implementation of the Information Security Framework.

• Perform technical, targeted risk assessments on applications and infrastructure
• Build and maintain relationships with the organizations business areas.
• Provide training and guidance to business areas on Information Security and ensure risk events are identified, reported, and managed.

• Strengthen internal controls and prevent unauthorized and improper access to data, thereby ensuring the appropriate protection of information assets.

• Perform Third Party Risk Management (TPRM) assessments on vendor engagements
• Implement security controls that support the information security policy/procedure and manage risks associated with access to services, information, and systems.
• Ensure that all
  information security incidents
  or suspected security flaws are remediated and have appropriate reporting mechanisms so that management is notified and these incidents are appropriately investigated and handled.
• Provide support for regulatory reviews for cybersecurity and IT risk management
• Responsible for managing enterprise-wide policies, standards, procedures and guidelines to prevent the unauthorized use, release, modification or destruction of data.

• 8+ years in an information security / cybersecurity risk management role within financial services / banking.
• Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Security Professional (CISSP ) certification preferred.
• Completed Bachelor's Degree in Computer Science or related course of study.
• MBA or Master's degree in Information Systems or Information Security preferred.