Lead Cybersecurity Banking Controls & Risk Management Advisor

Location: San Antonio, TX, United States
Date Posted: 06-08-2018
The core focus of this position will be to manage, evaluate and help drive compliance for digital security with federal and state banking regulations. This position develops strategies and Information Security plans. It will advise various levels of senior management on Information Security risk management issues and serve as a primary resource for cross-functional team members on escalated issues of a unique nature. This person needs to be able to work under minimal supervision on complex and unique work assignments, recommend appropriate solutions and resolve problems.
  • Provides technical thought leadership to guide strategic direction for executive management, focusing on the Information Security risk of development projects, departmental initiatives and other special projects.
  • Identifies and leads requirements and recommends system security configurations; oversees security briefings and responds to inquiries.
  • Provides advanced advice and acts as an Information Security subject matter expert liaison between the company and staff agencies through formal and ad-hoc inquiries.
  • Provides governance and leads identifying, analyzing and initiating changes in the Information Security policies, guidelines and standards including advising company and staff agencies in support of developing and managing the Information Security awareness program.
  • Gives counsel to ensure that internally developed and commercially available business applications include adequate Information Security controls; consults process owners on the identification, development and testing of Information Security controls for risk mitigation effectiveness.
  • Performs physical site assessments of business partners and provides peer review of work product and deliverables. Counsels and performs release of information analysis to third party business partners and identifies alternative methods for securing and releasing information when applicable.
  • Leads the planning, design, development and execution of the Information Security risk and control identification, evaluation, documentation, analysis and reporting processes including analytic tools. Provides expert analysis and recommendations on Information Security risk assessment and mitigation to internal and external clients or other analysts; influences Information Security risk management strategies and approaches and educates risk owners on best practices. Regularly advises senior management on key Information Security risk management efforts.
  • Establishes strategic partnerships to anticipate, advise, and effectively communicate (written and verbal) Federal and State regulatory and business partner Information Security risk requirements.
  • Coaches and mentors peers and cross-functional team members to achieve business results, development, and delivery.
  • Other duties as assigned.
Minimum Requirements
  • Bachelor's degree in MIS, Computer Engineering, Cyber Security, IT or related disciplines or 4 years of additional work experience in IT, Information Security, Cyber Security or equivalent experience in lieu of a degree.
  • 8+ years work experience in Information Technology or related discipline.
  • 6+ years leading within a matrixed corporate environment.
  • Advanced knowledge in risk, control, budgets, process and loss costing.
  • Advanced knowledge of Federal banking requirements such as FFIEC and GLBA regulations.
  • Advanced knowledge of the Cyber Assessment Test (CAT) tool to measure risk scoring and maturity.
  • Good knowledge of State banking requirements such as the new NY DFS regulation.
  • Advanced knowledge of relevant industry data sources, standards, data analysis tools and techniques (e.g. Archer, MetricStream, BWise).
  • 8+ years facilitating risk assessment sessions with all levels of management and executive management.
Preferred Experience:
  • Experienced Information Security professional: influencing and interfacing with executive management, management, subject matter experts and control partners in Audit, Risk and Compliance to resolve and manage security issues in a timely manner.
  • A deep understanding of Information Security regulatory requirements (particularly in the financial sector); consulting and assessing.
  • Experience with and knowledge of Information Security risks and controls to include facilitating Risk Control Self-Assessments (RCSA) and control testing; internal controls over financial reporting (ICFR or SOX) and Service Organization Control 2 (SOC 2) compliance audits; MetricStream and/or RSA Archer Governance Risk and Compliance (GRC) tools.
  • Ability to identify and articulate security requirements; develop and maintain information security processes.