VP - Information Security Risk Manager

Job information:

• Functional title - Information Security Risk Manager
• Department - Risk Management
• Corporate level - VP
• Report to - Director, Information Security Risk Manager
• Location - NJ

What you will be doing:

• Review and Credible Challenge – Provide independent review and effective challenge of the IT Security department’s information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, incident management, metrics and key risk indicators, risk appetite, operational risk issue management, and associated reporting.
• Risk Identification - Identify and assess cyber and information security risks and incidents related to key systems supporting CLS services and the broader impact to the financial ecosystem.
• Risk Assessments - Assess whether new/existing cybersecurity activities and controls utilized by CLS are designed and implemented effectively to verify that risks are mitigated to targeted levels.
• Mitigation - Provide subject matter expertise to business units to drive ownership and progress of corrective action plans.
• Monitoring - Review metrics, external events, and escalation reports to monitor risk and control-related developments, issues, and trends in the management of cybersecurity, technology, and information security risk for CLS.
• Governance – Actively present to various committees and forums to keep management informed on changes to CLS risk appetite.
• Project Oversight – Embed in various projects to challenge design, requirements, and go-live criteria to reduce impact of transformation risk
• Relationship Management – Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
• Advisory Services – Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
• Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.
• Mentorship – Provide guidance and support to junior members of the team.

What we’re looking for:

• At least six years of experience specifically related to information security governance and operations, and/or risk management.
• Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
• Comfortable working in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
• Experience operating within a highly regulated environment, with a preference for experience at the nternational and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
• Functional expertise, with operational knowledge of and exposure to various current and emerging
• information security areas such as:
  • Artificial Intelligence
  • Identity & privileged access management
  • Secure system development lifecycle
  • Cloud security configuration and control frameworks
  • Network security
  • Third-party risk management
  • Incident response
  • Threat/vulnerability management
  • Security architecture

Professional qualifications / certifications

• B.S. in a technology discipline (e.g. Computer Science, Information Systems Management, Computer Engineering)
• Professional information security certification (e.g. CISSP, CISM, CISA)
• Working knowledge of risk management lifecycles based on established frameworks such as NIST CSF, NIST SP 800-53, and/or ISO 27001
• Experience with enterprise GRC tools (e.g. RSA Archer) is desirable

#LI-DK1