Information and Security Control Risk Manager - SGA Inc.
New York, NY
About the Job
Software Guidance & Assistance, Inc., (SGA), is searching for an Information and Security Control Risk Manager for a contract assignment with one of our premier financial services clients in New York City, NY.
The US cybersecurity and IT risk team oversees and advises on cybersecurity and IT risk matters in the firm. The team's primary focus is to ensure the bank's security controls are in line with industry standards and compliant with the regulator's requirements.
The primary function of an Information and Security Control Risk Manager is to monitor, analyze, and report on cybersecurity requirements against relevant regulations and standards, such as NYDFS, FFIEC, and NIST CSF, while taking a risk-based approach. The IS&C manager will be able to understand complex security challenges, identify vulnerabilities, and propose effective solutions.
Responsibilities:
- Dedicated and detail-oriented cybersecurity professional with a strong background in regulatory compliance.
- Continuously monitor and assess the effectiveness of security controls and processes.
- Technical skills such as network security, application security, encryption, vulnerability assessment, and incident response.
- Solid understanding of information security principles and practices, including threat and vulnerability management, incident response, and security operations.
- Knowledge of information security principles and practices, network protocols, and operating systems.
- Knowledge of information security risk management frameworks, compliance practices, key risk indicators and metrics.
- Strong analytical and problem-solving skills, with the ability to work well under pressure and manage multiple priorities.
- Excellent communication, presentation, written, and collaboration skills, with the ability to work effectively in a team environment.
- Perform information security compliance tasks, such as ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
- Perform control assessments against enterprise cybersecurity frameworks and the firm's standards.
- Track, manage, and report on any internal or external cybersecurity-related issues.
- Bachelor's degree in a technical field such as computer science, computer engineering, or a related field required; 3-5 years' experience required.
- 3 years of regulatory compliance/examination and audit experience.
- 5-7 years of related cybersecurity technical experience and exposure to cloud technologies.
- Experience with security governance, policies, cybersecurity frameworks, and security standards (1 recent project).
- An understanding of and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, and networking environments (asset), proven through recent experience in the last 2+ projects.
- Information security related certification (such as Security+, CISA, CISM, CISSP).
- Recent relevant financial industry experience.
- Excellent communication and writing skills.
- Comfortable putting together and presenting risk reporting to US IS&C management.
- Candidate must be a team player and may be required to assist other team members in other security and IT risk tasks, as needed.
- Ability to manage assigned tasks and expectations without direct instruction or oversight.
- Fast, adaptable learner who can hit the ground running.
- Ability to work well under pressure while demonstrating strong professionalism.
- Willingness to learn new technologies and security-related information.
- Knowledge of NYDFS Cybersecurity regulations, experience with regulatory examinations, or strong understanding of NIST CSF.
- Proficiency in MS Office (extended knowledge of MS Excel and PowerPoint is preferred).
SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company EEO page to request an accommodation or assistance regarding our policy.
Source : SGA Inc.