Information Security Officer – Deputy CISO

We are seeking a seasoned Information Security Officer – Deputy CISO to join our dynamic team. This role is pivotal in ensuring that our bank adheres to global policies, procedures, and regulatory requirements, particularly within the U.S. The successful candidate will work closely with the Chief Information Security Officer (CISO) to maintain the integrity, confidentiality, and availability of our information assets. You will play a key role in identifying and assessing risks, threats, and vulnerabilities, while overseeing the implementation of effective controls to mitigate these risks.

Key Responsibilities:

• Second Line of Defense Management: Assist in managing the Second Line of Defense Cybersecurity and Information Security frameworks, ensuring robust oversight and challenge of IT processes and controls.
• Risk Assessment: Conduct thorough assessments of the adequacy and completeness of risks and controls related to Information and Cybersecurity within the Americas Platform, including overseeing penetration tests and maturity assessments.
• Enhancement Recommendations: Proactively recommend enhancements to business processes and controls to bolster the overall effectiveness of the Second Line of Defense Cybersecurity Program.
• Compliance Oversight: Ensure compliance with all legal and regulatory requirements related to cybersecurity, with a specific focus on adherence to DFS NYCRR 23 Part 500, including the preparation of the annual CISO report to the Board.
• Monitoring and Threat Assessment: Operationalize the Monitoring and Threat Assessment Framework, utilizing vulnerability indicators, heat maps, and key risk indicators to gauge risk effectiveness.
• First Line of Defense Oversight: Perform oversight controls of the first line of defense to ensure continuous effectiveness of IT risk management controls, in alignment with Natixis Information Security Policies and Standards.
• Reporting and Updates: Provide monthly reporting and program updates to senior management and the Americas Technology Risk Management Committee.
• Security Monitoring: Monitor applications, systems, and networks to ensure compliance with security policies and procedures.
• Training and Awareness: Lead information security awareness training initiatives, including conducting phishing simulations and senior management training sessions.
• Data Risk and Privacy Support: Collaborate with Data Risk and Privacy programs to implement industry best practices and align information security controls with local, state, federal, and international privacy regulations.
• Vendor Risk Management: Assist in managing the information security residual risk exposure related to third-party vendors and affiliates.
• Incident Response: Participate in Cyber incident response and recovery efforts, providing subject matter expertise as needed.

Qualifications:

• Bachelor's or Master’s degree in Computer Science, Information Security, or a related technical field.
• A minimum of 10 years of experience in information security and/or IT security within the banking sector.
• Strong understanding of information security risk, IT processes, and control frameworks.
• Experience in conducting IT risk assessments is highly preferred.
• Proven track record in developing and maintaining security policies and procedures.
• Excellent communication and interpersonal skills to effectively collaborate with teams across diverse geographical and cultural environments.
• Familiarity with IT risk frameworks such as ISO 27001, NIST Cybersecurity Framework (CSF), COBIT, and COSO.
• Hands-on experience with Governance, Risk, and Compliance (GRC) tools (e.g., Archer) is a plus.
• Relevant certifications such as CISM, CISSP, or CRISC are preferred.

Natixis is an equal opportunity employer, committed to a workplace free of discrimination. Natixis will not tolerate any form of discrimination based on age, color, mental or physical handicap or disability, pregnancy, marital status, sexual orientation, national origin, alienage, ancestry or citizenship status, race, religion, sex (including sex stereotyping, gender identity, gender expression or transgender status), veteran status, creed, genetic information or carrier status, or any other protected characteristic as established by law.

Respect for all means that we deal with each person as an individual and not as a member of any group. All qualified applicants will receive consideration for employment. Management is expected to provide leadership in supporting the firms EEO program by taking steps to promote EEO in all facets of employment including recruitment, hiring, retention, promotion, performance assessment, and career-development opportunities.

The salary range for this position will be between $175,000 - $225,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.