Job Details

The successful individual will be part of a high energetic team and will be required to hit the ground running.

Purpose of the Job:
This is a management role
The ISO serves as a resource (consultant) regarding matters of information security and reports the status of ongoing information security activities to the Chief of Information Security (CISO). We are looking for an individual with strong leadership capabilities who is comfortable facing-off demanding business users. In particular we are looking for an individual with the below traits:

• A Self driven ‘get on and do it’ attitude and strong problem solving abilities
• A strategic thinker with the ability to help shape and drive Information Security strategies for the investment bank
• Proven experience of building strong working relationships with various business/IT partners
• Proven SOX related ITGC consulting / auditing / implementation experience.
• Experience in IT Risk Management will be advantageous.
• Resilient and the ability to work in fast paced environment
• Proven record of project delivery.
• Experience must include senior management level interaction.
• A Self driven ‘get on and do it’ attitude and strong problem solving abilities
• A strategic thinker with the ability to help shape and drive information security and privacy strategies for the bank

Responsibilities:
• Participate in strategic planning sessions to help formulate strategic plans and ensure IT alignment with business priorities along with other project solution teams
• Source, understand, explain, and justify the inclusion or consideration of best practices frameworks and enabling technologies
• Build world class intellectual capital and raises the quality of awareness by identifying new technologies; demonstrating business value and explaining functional and process benefits for stakeholders
• Explains the gaps between current infrastructure practices and future best practice trends and developments – able to guide and recommend action, based on a comprehensive appreciation for best practices and industry specific needs
• Predicts current and future system and security requirements based on these trends
• The ISO will challenge the client to think strategically about technical solutions for their business challenges
• Will ensure detailed project plans are created and used throughout the project to project manage milestones, dependencies and costs (following the SLDC process)
• Will communicate continuously with the CISO/Leadership as to status of deliverables and potential risks to successful completions of all projects
• Will ensure written reports are sent in a timely manner to technology management and business partners
• Conduct and complete annual review(s) of required regulations and reports.
• Assist/maintain appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted patient data and protect against reasonably anticipated threats and hazards.
• Oversee and/or assist in performing on-going security monitoring of organization information systems including:
• Assess information security risk periodically.
• Conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
• Evaluate and recommend new information security technologies and counter-measures against threats to information or privacy.
• Ensure compliance through adequate training programs and periodic security audits.
• Provide value-added solutions to improve risk management practices
• Develop trusting and respectful relationships with various business partners to create an open environment for sharing risk identification and resolution practices.
• Consult with business units regarding ever changing business and technical plans to ensure that information security concerns (non-compliant issues) are addressed
• Determine appropriate and critical control objectives for activities being audited
• Design audit tests for critical controls to ensure compliance with professional standards
• Evaluate audit observations and draft recommendations to improve policies, procedures and controls
• Develop action plans and monitor various research projects to ensure the achievement of objectives

Competencies:
• Technical Knowledge
• Control Environment
• Business Skills
• Personal and Interpersonal Skills
• Management and Leadership Skills

Knowledge and Skills:
• Information Security knowledge: Confidentiality, Integrity, and Availability
• Enterprise compliance and governance knowledge/understanding
• Knowledge of the financial industry
• Strong presentation and influencing skills required
• Exposure to IT/architecture and practices, enterprise systems and software, project and corporate environment
• Strong relationship building skills
• Demonstrated analytical skills
• Ability to think short-long term
• Excellent written and verbal communication skills
• Must be able to communicate with all levels of management and employees
• Understanding of compliance & risk related legislation

Experience:
5-8 years analyst/management experience required