The Cyber and Information Risk Program Support Lead is responsible for leading a team to support execution of the company's Enterprise Risk Management and Operational Risk Management programs for cyber, information security, and data management risk. The successful candidate will provide review and credible challenge of the effectiveness of information security and data management risk governance, identification, assessment, response, monitoring, and reporting capabilities. This position is highly engaged with firm-wide Information Security and Data Management teams who provide risk and control solutions as well as all corporate departments that own cyber, information security, and data management risk.

Essential Function / major duties and responsibilities of the job

What we are looking for:

· 7+ years of experience building, maintaining, and managing information security and data management risk governance, operations, and risk management functions.
· Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
· Experienced developing and managing Enterprise and Operational Risk programs related to information security and data management, including implementing risk and control frameworks in accordance with best practices and Basel requirements.
· Experienced leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
· Experienced leading within a highly regulated environment, with a preference for experience at the international and federal levels.
· Deep knowledge of information security and data management risk and control frameworks and a strong understanding of policies, procedures, guidelines, and structure.
· Functional expertise, with operational knowledge of and exposure to various current and emerging information security and data management areas such as:

Professional qualifications / certifications

· B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent). M.S. desired.
· Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.
· Working knowledge of information security and data management life cycles based on an established framework: CRI, NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA, DAMA-DMBOK.
· Proficiency in MS PowerPoint and Excel.
· Experience in the broader MS Office suite, including Project and Visio, is a plus.
· Experience with enterprise GRC tools, e.g., Archer, is a plus.