What are the responsibilities and job description for the Lead Information Security Specialist / Risk Assessment position at Magnify?
Magnify is seeking a highly skilled Lead Information Security Analyst to join our Client's team within the financial services/banking sector. This individual will play a key role in ensuring the security and integrity of the organization's data, systems, and networks. The ideal candidate will have extensive experience in technology controls and information security, with a proven track record of leading large, complex projects and initiatives. As an expert resource, this position will require strong business acumen and communication skills, and the ability to think critically and lead enterprise-sized projects.
Location: Candidates are required to live in the Charlotte Metro area or be able to travel to the Charlotte, NC area monthly.
Employment Type: Full time, direct hire
Schedule: Mon - Friday
Key Responsibilities:
- Project Leadership & Expertise:
- Lead and provide expert advice on complex, large-scale security projects, initiatives, and strategic efforts to improve the organization's security posture. Act as the primary subject matter expert in technology controls and information security, guiding project teams and key stakeholders in securing sensitive data and systems.
- Must have experience LEADING enterprise-sized projects.
- Compliance & Regulatory Requirements:
- Ensure that security practices align with industry regulations such as NIST, NIST CSF, ISO 27001, GDPR, PCI DSS, SOX, CMMI, FFIEC and other relevant compliance standards. Develop and maintain documentation and reporting to track compliance and address security audits.
- Must have strong knowledge and experience working with regulations such as NIST, NIST CSF, GDPR, etc.
- Technology Controls and Security Oversight:
- Oversee and ensure the implementation of technology controls and security best practices across the organization. Provide recommendations on security architecture, technology infrastructure, and security operations for complex IT environments.
- Risk Management:
- Evaluate and mitigate security risks across the business, understanding and prioritizing risk management strategies, particularly for financial data, sensitive customer information, and internal systems. Help establish and maintain a security risk framework in line with industry regulations and best practices.
- Collaboration & Advisory Role:
- Serve as the lead resource for information security guidance within cross-functional teams, including IT, business units, vendors, and external partners. Offer expertise to help integrate security into system design, software development, and other business initiatives.
- Incident Response & Recovery:
- Assist in managing security incidents by providing expert insights during investigations and offering remediation strategies. Ensure post-incident analysis and improvement of security protocols.
- Training & Knowledge Sharing:
- Mentor and provide security training to employees, business units, and vendors. Ensure that security awareness is integrated across all levels of the organization.
- Continuous Improvement:
- Stay current with the latest information security trends, threats, and regulatory changes. Identify opportunities for security process improvements and the adoption of emerging technologies.
- Other duties as assigned
Qualifications:
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field highly preferred
- Relevant certifications (CISSP, CISM, CISA, etc.) preferred.
- Minimum of 7 years of experience in information security, technology controls, or a related field, with at least 2 years in a lead or specialist capacity.
- Experience working within the financial services or banking industry is highly desirable.
- Deep understanding of security frameworks, technology controls, risk management, and regulatory requirements (e.g., GDPR, PCI DSS, SOX, ISO 27001, CMMI).
- Advanced knowledge of cybersecurity threats, vulnerabilities, and countermeasures in the context of financial services.
- Demonstrated ability to lead large-scale, complex projects and initiatives from a security perspective.
- Experience collecting evidence and completing mapping based on regulatory requests.
- Strong interpersonal and communication skills, with the ability to collaborate across teams, advise senior leadership, and present security findings to both technical and non-technical stakeholders.
- Proficient in risk management tools, security technologies, vulnerability management, firewalls, intrusion detection systems, encryption, identity management, and network security.
- Ability to think critically and strategically to identify, analyze, and resolve complex security issues in a fast-paced environment.