Lawrence Harvey has partnered with a Financial Services firm in the New York City area undergoing massive growth and expanding their Security GRC team. The Information Security Officer will sit under the Deputy CISO and work closely across many technical teams to oversee projects, enforce policies and procedures tied to regulatory compliance and ensure seamless integration of said changes.

This individual will need to have comprehensive overview of all areas of security, which include: Security Operations, IAM, Incident Response, Cloud Security, Vulnerability Management and beyond.

Responsibilities:

• Engage with IT and business personnel across different levels to oversee crucial security functions, assess key IT processes through an information security lens, and offer advice on optimal practices and strategies.
• Maintain uniform security governance and stay informed on project progress; generate quality reports illustrating program status, areas for improvement, and successes.
• Collaborate, monitor, and offer guidance, assessment, and support for information security audits, encompassing audit scope, issue identification, and issue resolution, to present the institution in the most favorable manner.
• Lead initiatives to internally assess, evaluate and recommend new solutions to management regarding the standards of the security controls, security programs across the enterprise
• Provide status reports and dashboards on various matters (BAU activity, projects, KRIs, strategy, etc.)
• Be up to date with issues, threats, vulnerabilities and regulatory changes affecting the organization, and perform independent research as needed.
• Provide consultation and guidance to IT/Security teams when needed to address standards and policies.

Technical Skills Required:

• Understanding of information security controls, tools, and methodologies, encompassing incident response, IAM, DLP, vulnerability scanning and reporting, SecOps and Cloud security.
• Familiarity with cybersecurity requirements and best practices within the Financial Services industry, such as the Federal Reserve Bank (FRB), New York Department of Financial Services (NYDFS), as well as awareness of regulations and frameworks from the U.S. Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), Office of the Comptroller of the Currency (OCC), and the California Consumer Privacy Act (CCPA).
• Experience leading major projects and initiatives
• Proven ability to assess large data sets and create reporting for C-level executives, which will be presented to the board

Education and Other Experiences:

• Bachelors and/or Masters
• 6+ years in Cybersecurity or IT, with at least 3+ within the Security GRC function or with relative crossover
• Knowledge of several information security and technology frameworks including: FFIEC, ISO, NIST
• Experience working at a Financial Services firm
• CISSP, CRISC, CISA, CISM, CEH or CCSP certifications a plus