Regular or Temporary:
Language Fluency: English (Required)
1st shift (United States of America)
Please review the following job description:
Provide senior-level management and strategic direction for internal and externally staffed teams responsible for the design, development, installation, deployment and 24x7 support of the corporate-wide information security technology infrastructure. The information security technology environment includes firewalls, intrusion detection system/intrusion prevention system (IDS/IPS), database security solutions, security information and event management (SIEM), web content filtering, and other complex networked applications and systems. Work with line of business (LOB) leaders to develop and implement technology-based solutions that satisfy business requirements while providing long-term value. Interact with technical and nontechnical LOBs to ensure that proper IT governance and technical oversight is followed and ensure the implementation of consistent and supportable technical solutions. Ensure that all information security technology infrastructure meets internal technical standards for integration and support. Partner with internal clients in developing technical solutions that ensure client success.
Desired experience and skills:
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Provide essential leadership and supervision to a subordinate management team and associates. Oversee tactical implementation of corporate-wide security principles, policies and practices. Maintain responsibility and ownership for implementation and maintenance of information protection program.
2. Ensure internal compliance to process and standards. Review technical and business processes, standards and procedures, making recommendations for continuous improvement. Understand and communicate strategic direction to associates and LOB clients.
3. Participate in the development of strategic policy for information security technologies. Provide necessary subject matter expertise and ensure implementation of information security architecture, risk management standards, best practices and systems/processes to ensure information privacy/protection. Communicate strategic direction to peers, subordinates, clients and vendors.
4. Interact with management to determine acceptable levels of risks as business model and risk profile changes and align security program accordingly. Provide necessary subject matter expertise and coordinate efforts on a corporate-level to identify key security risks, needs and initiatives.
5. Provide leadership and guidance in the planning of corporate, client and internal information security technology projects. Work with senior management to ensure adequate staffing is available to complete initiatives/projects. Identify and execute on opportunities for staff augmentation via offshoring.
6. Manage the translation of strategic direction into efficient, effective and supportable solutions, ensuring success while maintaining compliance to internal processes and policies.
7. Implement and monitor controls to ensure that the availability, reliability, performance and service levels of the information security technology infrastructure remain consistently high and in line with LOB expectations. Direct team activities during production problems.
8. Provide reporting to staff, colleagues, senior management and clients on a regular basis to ensure all relevant and critical information is clearly and expeditiously shared.
9. Provide oversight on the team efforts to ensure Corporate Information Security and IT Services’ standards and processes and best practices are followed.
10. Ensure adequate security for new business services and systems. Assist in development of scenarios of usage and test for abnormalities or exposures. Prepare documentation to augment vendor materials that include local enhancements and implementations.
11. Stay abreast of all information security related laws and regulations to ensure compliance. Ensure compliance to corporate policies.
12. Support or direct enterprise-level information security-related functions (e.g. firewall administration, intrusion detection, communications, incident response, resource access control facility (RACF), encryption, access control, threat/intelligence management, cyber forensics). Make recommendations for improvements to program, respond to alleged policy violations and act as participant in event of a breach. Ensure communications to Chief Information Security Officer (CISO), and other senior level officers, are accurate and timely.
13. Maintain awareness of changes in industry. Attend classes and seminars, as required, to maintain a high level of proficiency in fields of information security and business resumption. Network with other information security professionals. Read about and be aware of trends regarding business recovery planning and security in industry.
Required Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
1. Bachelor’s degree in Computer Science or relevant field, or equivalent education and related training
2. Ten years of Information Security leadership experience
3. Certified Information Systems Security Professional (CISSP) certification
4. Extensive understanding of applied enterprise information security technologies
5. Aptitude towards strategic thought and people leadership while showing ability to influence direction
6. Display a strong sense of urgency and bias for positive action with a history of delivering results
7. Good written and verbal communication, team and people skills; ability to share information and communicate clearly with team members and internal and external clients
8. Demonstrated proficiency in basic computer applications, such as Microsoft Office software products
9. Ability to travel, occasionally overnight
1. Certified Secure Software Lifecycle Professional (CSSLP) or Certified Information Security Manager (CISM) certification
2. Knowledge of financial services industry and all applicable regulations and industry standards