Technology and Information Security Risk Specialist
| Company | IDB bank |
|---|---|
| Location | New York, NY, USA |
| Salary | $160000 – $190000 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Expert or higher |
Requirements
- 10+ years of solid experience in technology infrastructure and cyber security tools, processes, risks, and controls.
- Solid technical understanding of technology risk and cybersecurity risk at various technology layers, including cloud, application, database, O/S, network, infrastructure, etc.
- Bachelor’s degree in computer science or related technical discipline or equivalent work experience.
- Security certifications required such as CISSP, CISM, CISA, CRISC, CEH, or equivalent.
- First and/or second line experience.
- Experience in managing technical teams.
- Experience configuring GRC tools.
- Strong verbal and written communication skills.
- Ability to multi-task, meet deadlines with minimal supervision, and positively influence others.
- Demonstrated experience in leading, managing, tracking and reporting technology and security related projects.
- Strong understanding of industry frameworks such as NIST CSF, NIST 800-53, NYDFS500, and FFIEC.
Responsibilities
- Perform detailed technology infrastructure and cyber risk analysis on processes, risks, and controls and provide an effective second line challenge.
- Perform the full range of technology infrastructure and cyber security risk assessments, including risk identification, assessment, reporting and oversight of remediation planning and execution.
- Develop, implement, enhance, and manage the second line risk framework for technology and cyber security, using standard frameworks.
- Coordinate and interface with internal and external auditors.
- Identify and report technology infrastructure and/or cyber risks related to significant projects and/or new vendors.
- Develop training courses, provide Bank-wide security awareness communications, and conduct training sessions as required.
- Build and maintain relationships with multiple stakeholders, including technology infrastructure, cyber, application development, and enterprise risk teams.
- Partner with Head Office and first line teams (CISO and IT Ops Risk) to implement and execute the risk plans.
- Build, manage and report Key Risk Indicators and Key Performance Indicators.
- Build, implement, and conduct phishing campaigns.
- Prepare and present materials related to technology infrastructure and cyber security risk to the Enterprise and Risk committees.
Preferred Qualifications
No preferred qualifications provided.