We are currently looking to hire a First Vice President of Information Risk Management for a full-time direct-hire role with a client of ours in the banking industry.
Job Description: As the First Vice President of Information Risk Management, you will be expected to lead the function and provide mentorship and team leadership to the cybersecurity information risk team. This team within Information Security is charged with assessing risk, governance, and compliance bank-wide, including our use of third-party service providers and vendors. This role is a lieutenant to the Deputy CISO and is expected to be someone with a strong acumen for "Getting Things Done." You should be an expert in your field, fully understanding how to govern and deliver a risk management program. Strong project management and audit skills are essential. You must be an influencer and possess a personality that inspires people through personal leadership, the ability to work together for a common goal, and being a servant as much as a leader when working with others.
You should know how bank risk management works and operates, and develop common-sense, effective best practices within the function. Knowledge of GLBA, FFIEC, and NIST is an essential tool in your wheelhouse. The science and art of risk management converge in this role.
Essential Duties and Responsibilities
* Specialize in managing information security controls across the firm. You will be the expert in how information flows and is stored within the firm, its applications, and third parties. Your primary responsibility will be to ensure that information is inventoried, assessed, and protected according to its data classification.
* Lead and perform NIST Cybersecurity Framework control assessments.
* Lead and perform GLBA assessments against the bank's data privacy controls.
* Lead and perform other assessments and mappings, such as mapping to the FFIEC CAT.
* Lead and perform third-party cybersecurity risk assessments and ongoing monitoring.
* You will be a senior leader reporting to the CISO or Deputy CISO and have a large impact not only on the operations but also on the strategy and processes performed by the overall team.
* Strong presentation and communication skills, as well as solutioning skills, are very important for this role. You will not only assess but will also be asked to help resolve remediation for issues found. Strong partnership and collaboration skills are important to build strong relationships inside and outside the team.
* You will be interfacing with regulators, auditors, and other outside assessment organizations to represent Information Security.
* Strong data-centric skills are a must. You will be working with business partners, third parties, and technology peers to develop effective strategies to protect data.
* As part of the data protection role, you will be required to be the expert for the team on regulatory requirements. CCPA, GDPR, and GLBA are important regulations, but you will be required to stay current and prepare responsive strategies as new regulations are implemented and changes evolve.
* You will be an essential member of the CISO's overall cybersecurity and risk team.
* Where required, you will manage the bank's response to regulatory inquiries and requirements, such as consumer data privacy requests.
* You will also be a generalist in information risk, helping the bank and team develop and execute a risk management program in accordance with GLBA Part 364 Appendix B.
* Identify cyber security and information risks across the bank and with third-party providers; assess the inherent risk, maturity, and capability of people, process, and technology controls to determine the residual risks.
* Write effective policies and procedures to help govern cyber security and information risk across the bank.
* Work and partner with business and IT peers to assess risks and identify solutions to enable technology delivery in a secure and efficient manner.
* Work with internal and external assessment providers, including auditors, to assess and provide information for ongoing audits. Provide critical challenges to external auditors and assessors where necessary.
* Develop effective key risk indicators and metrics to measure risks and changes to risks across the firm.
* Assist the Deputy CISO and CISO in the production of board and enterprise risk materials and presentations.
* Conduct special projects and assessments related to information risk as required.
* Ensure all information risk artifacts and responsibilities remain current and updated.
* Coordinate across information security on cyber risk initiatives, incident response, training, and data collection.
* Prepare general and job-specific training and user-awareness programs to educate bank personnel.
* Conduct onsite assessments of branches, remote offices, and third-party vendors and data centers as required.
* Perform business impact analysis and criticality assessments, in conjunction with enterprise risk management.
* Partner with Vendor Risk Management on vendor risk assessments and contract language reviews.
* Develop key artifacts to assess and measure risks; provide ongoing management and tracking for issues and action plans assigned to owners. Report on progress and status as required.
* Provide subject matter expertise related to cyber security, IT and information risk management, and security around business and IT solutions.
* Help the bank meet all regulatory requirements related to data privacy and other regulations. Stay abreast of regulations and laws.
* Remain relevant by maintaining your education and staying apprised of emerging threats and other factors; mentor and educate the information security team as needed.