Location: New York, NY
Date Posted: February 28, 2018
Five or more years' experience in security policy development or broad security operations management, including developing and managing a security governance program. A background in security policy and architectural project management, or in security auditing, may also be considered.
Five or more years' experience in security incident monitoring and breach response management, with a record of successful outcomes.
Reports to Director, Information Security Office.
No direct management of personnel.
As assigned, provide guidance to information security operations staff, physical security staff, and business staff on security policy, governance, and operations.
Oversee the efforts of information security professionals in all aspects of information security and physical security for the Bank, covering policy, strategy, administration, governance, monitoring, compliance, guidelines, and standards.
Develop and maintain a comprehensive, enterprise-wide Information Security Program for the Bank.
Proactively promote the enhancement of information protection through the identification of risk themes by working collaboratively with all areas of the Bank.
1. Ensure information is protected across the Bank and that effective information security programs, strategies, practices, processes and systems are in place and functioning as required.
2. Independently verify and observe operational performance, from a broad oversight perspective, for information security, physical security, and all matters of cyber risk across the Bank, and carry out any special investigative requirements.
a. Monitor industry threat feeds and news and document an appropriate analysis of each relevant item, covering its applicability to the Bank, actions already taken to address it, the response planned, and the current threat environment. Escalate as needed.
b. Perform periodic department tasks, documenting the activity and results. Such items may include the review of significant applications’ password settings, protection of privacy information, and third-party security assessment reviews.
c. Review vulnerability scan results for aging, unapplied patches. Analyze and escalate as needed.
d. Assist with the security risk assessment. Perform focused risk assessments as assigned.
3. Assist in other departmental duties as necessary:
a. Help guide business unit managers and staff to ensure that their performance is within current exposure tolerances.
b. When assigned or upon request, provide the security perspective on Bank projects during Project Gate Reviews. Be able to draft the Information Security Office (ISO) assessment of a project with assistance.
c. Help guide IT operational security unit staff to ensure that their performance is within current exposure tolerances.
d. Assist in the Bank's security incident response management process: help oversee incident response and maintain control of information security events.
4. Help prepare reports for the Board of Directors, CEO, and senior management on information security, information protection, and information risk matters.
5. Help define the Bank’s information security program, policy, and standards. As assigned, guide operational areas across the Bank on procedures, guidelines, and instructions to support the Bank’s policy and standards.
6. Guide the planning of information security projects and annual budget.
a. Monitor security systems for intrusion events, with the goal of identifying themes in the events observed and ensuring that incidents are escalated. Answer questions that arise from oversight of how the Bank's security efforts are functioning.
b. Assist in the review of security-related software and hardware, recommend solutions, and assist in the review of the associated contracts.
7. Assist in developing specific modules, documents, white papers, and other artifacts that help:
a. Articulate the choices of the Bank relative to information protection.
b. Document what is secured and how it is protected.
c. Advise and alert all Bank employees on information security matters.
8. Gather the data to support the proper reporting of security measures and metrics. Draft reports that highlight these metrics.
9. Assist with audits and examinations regarding information security and controls.
10. Help manage the independent security review process: remediation, vendor selection, and fieldwork.
11. Perform special tasks as assigned by the Director of, or a manager in, the Information Security Office.