About the Role
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO will work closely with executive management to determine acceptable levels of risk for the organization and implement solutions to mitigate those risks while aligning with business goals.
Key Responsibilities:
Strategy & Leadership:
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
Lead and coordinate cross-functional teams to drive a security-first culture across the organization.
Serve as a subject matter expert to executive leadership and the board on information security risks and regulatory issues.
Risk Management:
Identify, assess, and prioritize cybersecurity risks, including emerging threats specific to the financial services sector.
Oversee the continuous monitoring of security trends and threat intelligence to identify vulnerabilities and enhance protection measures.
Implement and manage a robust incident response plan, ensuring rapid and effective containment and recovery in the event of a security breach.
Compliance & Governance:
Ensure compliance with relevant federal and state regulations (e.g., NYDFS 500, SEC, GLBA, SOX, etc.) and industry standards such as ISO 27001, NIST, and PCI-DSS.
Collaborate with legal and compliance teams to ensure the protection of sensitive customer data and adherence to privacy laws (e.g., GDPR, CCPA).
Lead audit processes for information security certifications and manage relationships with external auditors.
Security Architecture & Technology:
Lead the design and implementation of a secure architecture across the company’s IT infrastructure, applications, and cloud services.
Partner with IT and development teams to embed security into system development lifecycles (DevSecOps).
Oversee the management and execution of security tools such as SIEM, firewalls, encryption, and identity and access management solutions.
Vendor Management:
Evaluate, select, and oversee third-party vendors and service providers to ensure they meet security standards.
Conduct vendor risk assessments and ensure compliance with security policies.
Team Development:
Build and lead a high-performing cybersecurity team, providing mentorship, training, and career development.
Promote security awareness training programs for employees to minimize the risk of human error and insider threats.
Budgeting & Reporting:
Develop and manage the cybersecurity budget, allocating resources effectively to support strategic goals.
Provide regular reports to the executive team and board of directors on the state of information security, including KPIs and risk mitigation efforts.
Qualifications:
Bachelor's degree in Information Security, Computer Science, or a related field (Master’s degree preferred).
At least 10 years of relevant experience in cybersecurity or IT risk management, with at least 5 years in a senior leadership role.
Industry certifications such as CISSP, CISM, CISA, CRISC, or equivalent.
Extensive knowledge of information security frameworks, regulations, and best practices in the financial services industry.
Experience with cloud security (AWS, Azure, etc.) and knowledge of digital payment systems, trading platforms, and financial data protection.
Demonstrated ability to communicate and collaborate effectively with C-level executives, technical teams, and regulatory bodies.
Strong leadership and team management skills, with the ability to build and maintain a high-performing security function.
Preferred Qualifications:
Experience in a fast-paced financial services environment, preferably in banking, insurance, or asset management.
Familiarity with secure software development practices and experience in implementing DevSecOps frameworks.
Expertise in managing large-scale security incidents and conducting post-breach forensic analysis.
About the Company
A leading financial services company.