In this position you will play a critical role in shaping and maintain our firmwide cybersecurity policies and procedures. This position requires a proven track record in policy development, deep familiarity with the NIST Cybersecurity Framework and controls, and an understanding of financial services cybersecurity regulations. You will partner with colleagues from Compliance, Legal, HCM, Office of Global Security, and Internal Audit to leverage all available resources in advancing the program.

HOW YOU WILL FULFILL YOUR POTENTIAL

Your responsibilities will include proactively identifying opportunities to improve the detection and response capabilities of security controls with a focus on insider threat areas. To support this, you will be collaborating and partnering with the Technology Risk Hunt team, Cyber Threat Intel team and Detection Engineering team.

Responsibilities include:

• Review and update cybersecurity policies, frameworks, and standards to align with industry best practices and regulatory requirements.
• Collaborate with cross-functional teams, including Tech Risk, Engineering, Compliance, and Legal and Privacy to ensure policies are comprehensive and cover all aspects of the cybersecurity landscape.
• Conduct thorough analysis of existing firmwide policies, frameworks and procedures and where necessary, update them to ensure they are aligned with NIST and industry standards.
• Demonstrate clear and concise written communication skills, translating complex technical concepts into easy-to-understand policy documents for stakeholders.
• Utilize previous experience in incident response or incident management to incorporate relevant changes into incident handling procedures.
• Stay up-to-date of emerging cybersecurity trends and regulatory changes, providing expert insights into the potential impact on existing policies and recommending necessary updates.

Skills:
BASIC QUALIFICATIONS

• Proven experience (minimum of 8 years) in enterprise policy writing, specifically in the financial services sector.
• Thorough understand of the NIST Cybersecurity Framework, its controls, and practical implementation within a financial services context.
• Strong knowledge of financial services cybersecurity regulations and the ability to integrate them into comprehensive policies.
• Excellent organizational skills and attention to detail to ensure policies are consistently updated to reflect the evolving threat landscape and regulatory environment.
• Demonstrated ability to work collaboratively across departments, ensuring effective communication and adherence to policies throughout the firm.
• Ability to multitask and prioritize work effectively.
• Proven verbal and written communication skills, with an ability to clearly explain complex technical challenges.

PREFERRED QUALIFICATIONS

• 8 years' relevant cybersecurity experience in cyber incident management, threat intelligence, investigations or data analysis
• Experience working in incident response or incident management, including developing and updating incident response or incident management plans and playbooks.
• Familiarity with industry-leading cybersecurity tools and technologies.
• Highly motivated self-starter

Education:

• Bachelors degree in Cybersecurity, Computer Science, Information Systems, or a related field.