Infosec Regulatory Exam and Audit Oversight Manager Senior
Company | USAA |
---|---|
Location | Tampa, FL, USA, Colorado Springs, CO, USA, Plano, TX, USA, Chesapeake, VA, USA, Charlotte, NC, USA, San Antonio, TX, USA, Phoenix, AZ, USA |
Salary | $143320 – $273930 |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior |
Requirements
- Bachelor’s degree in Information Security, Information Technology, Computer Science, Business Administration, Information Systems/Management or related field; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree.
- 6 years of related information security experience in one or more domains, e.g.: Cybersecurity, Identity and Access Management, Information Assurance and Governance, Operational Risk Management and/or Information Technology to include significant accountability for projects, programs, processes or policies.
- 2 years of direct team lead, supervisory, or management experience in an Information Security or Information Technology domain.
- 2 years of researching, designing, or implementing technology, information security or cybersecurity solutions in a large financial institution or large enterprise information security program with a proven track record of delivering results in compliance with federal/state/regulatory information security and risk management policies, standards, and guidelines.
- Working knowledge of relevant regulations and standards related to risk management and information security, e.g.: FFIEC, Gramm-Leach-Bliley, FFIEC Cybersecurity Assessment Tool, NIST Cybersecurity Framework and the Payment Card Industry Data Security Standard.
- Strong written and verbal communication skills, including the ability to communicate technical analyses to a non-technical audience.
- Strong knowledge of security technologies to include cryptography, authentication, authorization, and controls.
- Strong knowledge of IT risks and experience implementing security solutions.
- Knowledge of threats, vulnerabilities, attack methods and countermeasures for web-based applications, networks, and cyber security solutions.
- Expertise in risk management processes and principles.
- Familiarity with budgets, forecasting, and executing on the budgets for the applicable information security, cybersecurity, or technology support function.
Responsibilities
- Responsible for ownership and execution of one or more critical security domains or capabilities.
- Executes senior leadership’s strategic vision and leads their team in the compliant day-to-day execution of their assigned information security domain. Contributes to the organization’s short and long-term vision, strategies, goals and metrics.
- Manages effective operation of assigned information security domain’s day-to-day operations including capacity, resilience and dependability capabilities and how changes in conditions, operations, or the environment will affect the system’s operation.
- Develops, reviews, and communicates information security risk management policies and procedures to ensure appropriateness and adequacy versus industry best practices and regulatory requirements.
- Responsible for developing metrics and reporting the status of information security activities and alerting management to potential risks, compliance issues, and operational inefficiencies.
- Develops, designs, and delivers a sustainable governance and assurance model within multiple domains.
- Identifies, monitors and evaluates operational solutions to reduce information security risk, meet compliance requirements and increase enterprise workforce efficiency, business agility and workforce scalability.
- Promotes information security awareness within their teams and across Enterprise Security Group.
- Serves as financial steward for the organization and manages manpower and budgets to ensure they cost-effectively meet the needs of the organization.
- Builds and oversees a team of employees for assigned functional area through ongoing execution of recruiting, development, retention, coaching and support, performance management, and managerial activities.
- Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures.
Preferred Qualifications
- 5+ years of experience leading a team managing audit, regulatory and partner inquiry responses for an InfoSec program at a financial institution
- An understanding of primary regulatory requirements (e.g. GLBA, NYDFS, HIPAA, DORA etc.), controls, industry frameworks (e.g. FFIEC, NIST, CRI) and how to build and maintain linkages between them
- Broad understanding of InfoSec governance, risk and compliance functions, and operational functions (e.g. Access Management, Data Protection, Cyber Operations etc.)
- Demonstrated experience interacting with senior leadership, internal auditors and regulators, preparing meeting materials/presentations, facilitating discussions, and tracking follow-ups
- Excellent verbal and written communications
- Good task/deadline management and strong cross-team collaboration experience
- US military experience through military service or a military spouse/domestic partner