Infinity Consulting Solutions New York, NY
Chief Information Security Officer
The position will be responsible for overseeing and reporting on the management and mitigation of information security risks including cybersecurity also across the branch and should be held accountable for the results of this oversight and reporting. Also, the position is responsible for implementing an information and cybersecurity program satisfying Cybersecurity Regulation (NYDFS Part 500), Information Security Standards (GLBA) and other regulatory requirements. The position also oversees and implements the cybersecurity program and enforces cybersecurity policy and procedure for the branch.
• Implementing the Information Security / Cybersecurity strategy and objectives including strategies to monitor and address current and emerging risks.
• Engaging with management in the lines of business to understand new initiatives, providing information on the inherent information security / Cybersecurity risk of these activities, and outlining ways to mitigate the risks.
• Working with management in the lines of business to understand the flows of information the risks to that information, and the best ways to protect the information.
• Monitoring emerging risks and implementing mitigations.
• Informing the branch, management and staff of information security and cybersecurity risks and the role of staff in protecting information.
• Championing Information security / Cybersecurity awareness and training programs.
• Participating in industry collaborative efforts to monitor, share, and discuss emerging security threats.
• Reporting significant information security/cybersecurity events to the branch, government agencies and law enforcement, as appropriate.
• Develop Cybersecurity program/policies/procedures and make recommendations for solving any information security and operational risk related issues. Ensure that bank policies/procedures compliance with external requirements.
• Monitoring and detection of any violation of the bank's security. Develop and implement an Incident Reporting and Response System to address branch security and incidents (breaches), respond to alleged policy violations, or complaints from external parties.
• Develop and implement an ongoing risk assessment program targeting information security / Cybersecurity and privacy matters; recommend methods for vulnerability detection and remediation and oversee vulnerability testing and scanning.
Knowledge & Experience Requirements:
• bachelor's degree or equivalent; Advanced degree in computer science or information system related, or IT background is preferred.
• Typically requires 10+ years relevant experience.
• Certifications: CISSP, CISA, or CISM
• Strong knowledge of computer-based risk management systems relevant to the types of business activities to be conducted by the Branch.
• Strong knowledge of government regulations such as GLBA, Cybersecurity Regulations
• Experienced with implementing guidelines such as FFIEC, NIST
• Excellent writing and communication skills.
• Good analytical and problem-solving skills.
• High attention to details.