Information Security Manager - BankMobile
New Haven, CT 06511
About the Job
About BM Technologies, Inc.
BM Technologies, Inc. (NYSE American: BMTX, BMTX.W) is among the largest digital banking platforms in the U.S., providing access to checking and savings accounts, personal loans, credit cards, and financial wellness. It is focused on technology, innovation, easy-to-use products, and education with the mission of being “customer-obsessed” and creating “customers for life.” The BMTX digital banking platform employs a multi-partner distribution model, known as “Banking-as-a-Service” (BaaS), that enables the acquisition of customers at higher volumes and substantially lower expenses than traditional banks while providing significant benefits to its customers, partners, and business. BMTX currently serves over two million account holders and provides disbursement services at approximately 725 college and university campuses (covering one out of every three students in the U.S.). BM Technologies, Inc. is a technology company and is not a bank, which means it provides banking services through its Member FDIC and Equal Housing Lender partner banks.
About the Role:
As Information Security Manager, you will be responsible for ensuring the security of our organization's information systems and data. In this role, you will work across the organization and with our security partners (auditors, security management platform providers) to manage risk, ensure compliance, and continually optimize our Information Security program in a highly regulated Financial Services domain.
Responsibilities:- Develop and implement enterprise-wide information security strategies, policies, and procedures that align with business objectives and regulatory requirements. Ensure that they are communicated and enforced throughout the organization.
- Evaluate and establish technical security standards, develop workflows to ensure operational effectiveness, and develop compliance standards.
- Lead the identification and evaluation of cyber security threats, risks, vulnerabilities, and processes to determine the risk to our product and software development initiatives, the systems we use, and the broader organization.
- Lead incident response and manage security incidents to minimize impact and ensure continuity of operations.
- Provide regular and consistent reporting on the status of the information security program to enterprise risk teams, audit teams, and senior business leaders.
- Provide thought leadership in information security to internal and external industry partners.
- Monitor information security trends and evolving technologies; liaise with external partners, agencies, and peers to ensure that the organization maintains a strong, proactive security stance.
- Liaise with business units to provide input and help steer ongoing program improvements, strategic direction, and continuous improvement measures.
- Vendor Management responsibilities with MSSPs and IR vendors.
- 8-10+ years experience leading global information security programs and applying information security, risk management and privacy practices
- Experience building an IT Security department in a high growth, highly regulated, technology company.
- Experience supporting organizations using Microsoft Office and Azure cloud services.
- In-depth understanding of cyber security best practices including secure software development/DevSecOps in a cloud native environment
- Experience in assessing and managing risks to information systems and data.
- Demonstrated strong ability to communicate with senior company leadership and get buy in for any security-related projects or initiatives.
- Experience rolling out global security training to better educate employees on current threats.
- Has a deep understanding of the technical foundation of security best practices in the cloud; can speak comfortably with developers and engineers.
- Ability to communicate effectively with regulators and auditors on matters related to information security and compliance.
- Industry certifications, such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), etc.
- Azure certifications a plus.
- Experience with a diverse set of industry-standard Information Security Frameworks (e.g. COBIT, ISO, CIS, ISF, NIST, SOC 2, etc.)
Unsure if you meet the qualifications?
We are constantly in search of skilled individuals who can contribute to our diverse and inclusive team, enriching us with a variety of perspectives, skills, backgrounds, and approaches. If you share our passion for what we do, we invite you to submit your application!