Vacancy expired!
- Coordinate assessments against key regulatory and framework guidance for cloud cybersecurity controls.
- Build and improve presentations for senior and executive management, clients and regulators.
- Provide feedback to Technology Risk and Internal Audit on their cybersecurity opinions.
- Maintain Information Security program documents that describe the function.
- Support regulatory developments, including supervising new regulations, preparing actions for new regulatory requirements, presentations, meetings, note-taking, and summary reports to management.
- Support Internal Audit activities to guide auditors and control owners to controls that are effective in mitigating risks, efficient, balanced and pervasive where applicable.
- Evaluate third party assessments of the Information Security function.
- Maintain cybersecurity threat, risk and control taxonomy.
- Support the cybersecurity metrics program.
- Review internal and external communications related to cybersecurity.
- Update cybersecurity policies and standards.
- Maintain the list of key cybersecurity gaps.
- Engage in cybersecurity control improvements.
- 7+ years in Information Security, IT Risk, IT Governance or IT Audit role in a Financial Services company
- Financial Services experience is required
- Experience dealing with regulators, external and internal audit.
- Experience with information security management frameworks (e.g., ISO 27000, NIST 800-53, etc.)
- Familiarity with CSA CCM framework and Zero Trust principles
- Strong documentation and process-oriented background with leading and managing complex Technology projects.
- An ability to effectively influence others to account for the plans and collaborative behaviors for results
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and measurable manner
- An ability to identify and assess cybersecurity threats, risks and controls to efficiently mitigate risks
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) certifications are a plus
- BS or MA in Business, Computer Science, Information Security, or a related field