Information Security Risk Officer
New York, NY 10017 US
Mid-sized Asset Management Firm seeks Information Security Risk Officer to reduce information security risk within the organization and facilitate the alignment of the business areas with regulatory expectations and best practices.
This is a full-time, direct-hire role with an expanding financial services company that offers interesting work, opportunity for promotion, competitive compensation and a great benefits package.
You will provide oversight of the Information Security and Cybersecurity programs, maintaining the enterprise program from a risk management perspective to ensure information assets and technologies are protected.
In summary, you will:
- Facilitate the continued improvement in information security risk management and culture across the firm, through continual refinement and implementation of the Information Security Framework.
- Perform technical, targeted risk assessments on applications and infrastructure.
- Build and maintain relationships with the organization's business areas.
- Provide training and guidance to business areas on Information Security and ensure risk events are identified, reported, and managed.
- Strengthen internal controls and prevent unauthorized and improper access to data, thereby ensuring the appropriate protection of information assets.
- Perform Third Party Risk Management (TPRM) assessments on vendor engagements.
- Implement security controls that support the information security policy/procedure and manage risks associated with access to services, information, and systems.
- Ensure that all information security incidents or suspected security flaws are remediated and have appropriate reporting mechanisms so that management is notified and these incidents are appropriately investigated and handled.
- Provide support for regulatory reviews for cybersecurity and IT risk management.
- Manage enterprise-wide policies, standards, procedures and guidelines to prevent the unauthorized use, release, modification or destruction of data.
- 8+ years in an information security / cybersecurity risk management role within financial services / banking.
- Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Security Professional (CISSP) certification preferred.
- Completed Bachelor’s Degree in Computer Science or related course of study.
- MBA or Master's degree in Information Systems or Information Security preferred.