VP of Cloud Security Risk Assessment

A financial institution is seeking a Cloud Security Risk Assessment Vice President who is experienced working in a Cloud Security Risk Program that includes running projects and BAU activity for assessing and reporting on risk and controls for Service Providers and their supporting tools. The Cloud Security Risk Assessment Vice President will be responsible for maintaining a program that will drive Cloud governance, security improvements, and efficiency across the Bank and the various group companies. He/she will lead efforts to continuously monitor Cloud Security Risks in a dynamic environment and will also lead projects related to information security risk management processes and system implementations. Additionally, the Cloud Security Risk Assessment Director will partner with various departments of the Bank on developing new risk management processes and ensure the roles and responsibilities are clearly defined among different teams.

***Onsite once a month in White Plains, NY OR Charlotte, NC OR Chicago, IL***

Responsibilities:

• Prioritize and complete internal and external risks assessments as required and negotiate with requesters on validity of the requests as needed.


• Partner with other risk departments of the bank to collaborate on BAU activities or projects and define clear roles and responsibilities on risk management processes, ensuring information security risks and controls throughout the bank are sufficiently assessed and managed.


• Complete independently or assign resources to various information security risk assessment activities such as self-assessments requested by clients and regulators, as needed.


• Fully understand Cloud security risk and controls and can simplify and articulate risk and controls to both technical and business stakeholders.


• Continuously enhance/streamline processes and technology in the Cloud security risk management space.


• Formally manage junior staff as direct reports.


• Function as an internal cloud security consultant on information security initiatives as assigned by the Executive Director and CISO.


• Function as SME to defend and advocate security controls.


• Communicate policy, procedure, and standard updates to stakeholders concisely and clearly.


• Clearly articulate security and technical controls and corresponding technical and operational risks to stakeholders


• Assess Cloud-based risks and controls against internal requirements, best practices, and industry frameworks.


• Ensure compliance with all policy and standard requirements applied to Cloud services and technology.


• Coordinate with various departments to ensure Cloud Security documentation requests are comprehensible and addressed timely.


• Serve as the Cloud Security SME and as a change agent to enable cloud transformation initiatives from a security perspective.


• Work closely with DevOps teams to assess practices for deploying new systems in the Cloud.

Qualifications:

• Ability to lead complex tasks and technical projects and assign resources to complete the tasks timely.


• Have strong knowledge of cloud information security controls, risks and best practices in a large financial institution or banking environment.


• Have strong knowledge of cloud service providers (e.g., Google Cloud Platform, AWS, and AAD), cloud-based applications and tools (e.g., CASB), as well as the security controls that are unique to such solutions.


• Have strong knowledge of commonly used banking applications, operating systems, and databases.


• Have strong knowledge of cyber security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST, Cloud Security Alliance).


• Have working knowledge of various risk functions in large financial institutions, including how these risk functions relate to the management of information security risks.


• Have strong verbal and written communication skills.