VP, Information Security Governance and Risk Reporting Manager

  • location: New York, NY
  • type: Permanent
  • salary: $140,000 - $170,000 per year

job description

VP, Information Security Governance and Risk Reporting Manager

job summary:
About the Role

The Information Security Governance and Risk Manager will be responsible for developing and leading the company's security governance and reporting functions. This role will review and enhance policies and procedures, identify and document required security controls, and develop metrics in a security governance program to effectively manage risk. The governance and reporting program should enable the articulation of security risk appetite and identify and report on gaps and areas out of risk tolerance.

The governance and reporting function, in coordination with the company's enterprise risk team, will act as a challenge function by providing questions and feedback across multiple cyber risk program activities. The function will maintain an independent security risk perspective, consistently and appropriately providing feedback to continuously manage information security risk.

This person must be hands-on, comfortable working in small teams, and interested in continually researching to improve knowledge of our platforms, tools, and risk.

Responsibilities

  • Develop, lead, and provide information security governance and oversight.
  • Monitor and drive the rollout of the information security governance and risk reporting, ensuring that policies, controls, procedures, and resources are in place to effectively manage risk.
  • Develop an information security reporting capability across key areas such as identity and access, vulnerability and patching, third party security, cloud, security operations, data security and incident response.
  • Coordinate and, where appropriate, lead independent control evaluations (e.g., audits, exams, SOX, and compliance testing), and self-identified issues.
  • Lead assessments to support appropriate evaluation of the Information Security Program and maturity (through the FSSCC Cybersecurity Profile and FFIEC CAT).
  • Stay current with industry standards, regulatory requirements, and best practices around IT such as FFIEC Guidelines, NIST, ITIL, COBIT, Cloud Security Alliance, etc.
  • Develop and maintain effective channels of communication with other risk officers, control functions, and executives.
  • Collaborate with senior business and technology leaders and other risk managers to resolve the most challenging risk matters.

Qualifications

  • Bachelor's degree in computer science, technology, or a financial-related discipline (e.g. Business, Economics, Finance, or Accounting), or an equivalent combination of education and work experience
  • 5+ years of enterprise experience with emphasis on risk management, information security, or equivalent work experience and training
  • Knowledge of key technology rules and regulations, and technology risk management practices (e.g. Information Security, Business Continuity, FFIEC, COBIT, ITIL)
  • Negotiation skills and highly collaborative planning ability
  • Ability to influence and communicate effectively and impactfully
 
location: MANHATTAN, New York
job type: Permanent
salary: $140,000 - $170,000 per year
work hours: 8am to 4pm
education: Bachelors
 
qualifications:
  • Experience level: Manager
  • Minimum 5 years of experience
  • Education: Bachelors (required)
 
skills:
  • Network Security
  • SECURITY

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
