Looking for an experienced Senior Cyber Strategist. Reporting to the Director of Information Security Program Strategy and Metrics, this role will be responsible for documenting security program strategy, InfoSec program metrics, audit client management, business engagement and program communications. The selected individual will have the opportunity to contribute to building a leading Information Security Program adopting the latest cloud technology and standards-based controls.
Key Job Functions
The role requires the individual to leverage their existing information security knowledge and their risk management background to drive an advanced Information Security Program in a fast-paced environment.
- Document the strategy and identify improvement initiatives for the CSS information security program.
- Establish program-wide metrics (KRIs and KPIs) to communicate risk, demonstrate progress and build awareness of information security program performance.
- Define and manage an InfoSec Engagement model that enables other team members to leverage InfoSec team services to secure company data.
- Build and maintain a Business Continuity Program for Information Security to meet business and IT services BCP requirements.
- Oversee product and services vendor relationships for Information Security and work with the procurement function to define contracting terms.
- Implement and improve procedures and processes to optimize information security program effectiveness and to fulfill operational/regulatory objectives.
- Influence information security capability maturity by identifying relevant security industry practices and partnering across the organization to implement improvement projects.
- Drive InfoSec requirements for adoption of a GRC tool and integrate it with the InfoSec metrics program.
- Assist with program brand development and implementation of communication strategies. Serve as program spokesperson; plan and publish content and deliver internal and external program communications to the appropriate audience through various channels.
Education: BA/BS degree or higher in an IT-related field
- Must have at least 8-10 years of experience in a combination of IT, Information Security program management, cyber defense strategy and Information Security risk management
- Industry Certification, e.g. CISSP, CISA, CISM or equivalent designation is required
- Demonstrated experience developing and maintaining an Information Security Metrics Program is required
- Experience with successful delivery of information security-related projects is required.
Specialized Knowledge & Skills
- Demonstrated understanding of Information Security Program components required for financial services critical infrastructure.
- Demonstrated understanding of information security policies, standards, industry best practices, and frameworks (including ISO 27001/2, NIST 800-53, FISMA, FedRAMP).
- Experience with Information Security program reporting to “C” level management is highly desired.
- Knowledge of cloud technology is highly desirable (AWS, Azure, etc.)
- Experience as an Information Security Architect or in an Information Security management role is highly desirable
- Excellent interpersonal skills, presentation skills, and verbal / written communication skills
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives
- Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives
- Good understanding of network security, OSI model, and information security architecture
- GSE or equivalent financial services experience in an IT or InfoSec role is a plus