Vice President Information Security

Top-Tier Bank in Midtown, Manhattan is seeking a Information Security Vice President for a full-time position!

Key Responsibilities:

• Develop and maintain comprehensive security manuals.
• Supervises and delegates tasks to Jr. Information Security Team Members
• Regularly report on remediation progress to the Chief Information Security Officer (CISO) or Chief Risk Officer (CRO).
• Conduct vulnerability scans using Qualys and monitor for new and existing threats, collaborating with IT and users to address them.
• Prepare and present daily, weekly, and monthly security reports to identify issues and ensure timely remediation.
• Lead risk assessments, audits, governance efforts, and policy reporting, preferably in a financial institution context.
• Assist in aligning security controls with organizational policies, procedures, and processes, and ensure their proper testing for adequate coverage.
• Monitor system events daily to detect and respond to potential malicious activities.
• Review and approve firewall rules using Tufin.
• Oversee daily monitoring of Data Loss Prevention tools such as Trellix EPO and TMS.
• Use Spirion to create and run scans for detecting files containing Personally Identifiable Information (PII) and ensure compliance with the data retention policy.
• Manage Privileged Access Management (PAM) and generate reports.
• Lead weekly IT meetings to discuss vulnerabilities, patches, and alarms triggered by security tools.
• Stay updated on potential threats by monitoring sources like the Qualys Threat Protection Feed and CISA alerts, and ensure appropriate actions are taken to protect the network.
• Collaborate with control owners to remediate identified deficiencies and track their progress.
• Contribute to the enhancement of the Information Security program, focusing on increasing its maturity through strategy development and process improvements.
• Support efforts in assessing, managing, and remediating information security risks related to IT infrastructure, applications, platforms, and suppliers, ensuring clear requirements and timelines are established.

Qualifications:

• 7 years of experience in managing information security governance, risk, and compliance.
• Management experience
• Bachelor’s degree
• Security certifications (e.g., CISSP, CISA, CISM, CEH) are advantageous but not mandatory.
• Solid knowledge of security frameworks such as NIST, SOC2, ISO, FFIEC, and NYDFS-Part500.
• Strong communication, presentation, and writing skills, with fluency in English.
• Experience with Governance, Risk, and Compliance (GRC) tools like RSA Archer.
• Proficient in Microsoft Office applications.