The governance, risk and compliance (GRC) security analyst is responsible for supporting the overall GRC program and security direction of the business and elevating the company's security posture. The position requires an understanding of both legacy systems and new technologies and requirements. The GRC security analyst is also responsible for supporting the planning, design and maintenance of policies.
The ideal candidate is technical and possesses experience in security compliance or risk management. The role oversees the business's security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX) and Payment Card Industry Data Security Standard (PCI DSS). In tandem with security leadership, the GRC security analyst consistently assesses and validates the assurance of the security program. The GRC security analyst will help facilitate communications with internal and external auditors and monitor the progress of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC security analyst must focus on strong risk management and corporate resiliency and not be driven solely by compliance.
Essential Job Functions:
- Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
- Manage a comprehensive risk register within a GRC-related platform.
- Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
- Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiency or innovation.
- Support the oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities.
- Analyze findings, and document, recommend and report program gaps to security leadership.
- Assist in the development of policies, procedures and standards. Build and maintain a central IS documentation repository, with periodic review and updates as needed.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best-practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures.
- Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
- Function as a key participant in incident response, tracking occurrence and resolution with documentation and reporting.
- Work in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
- Attend and fully engage in project management meetings.
- Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
- Function as a point of contact for disaster recovery and business continuity as they relate to security frameworks, compliance and privacy laws.
- Perform other duties as assigned.
Knowledge, Skills and Experience Requirements:
- Bachelor's degree in computer science, information assurance, MIS or a related field, or equivalent industry experience.
- At least 1-2 years of exposure to various security frameworks. Any AI or machine learning experience is preferred.
- Ability to produce executive-level reporting in PowerPoint and Excel.
- Strong business acumen and security technology skills for well-rounded proficiency, as well as a proven ability to align with security practices and compliance responsibilities.
- Experience with and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX and GLBA. Additional experience in one or more of the following: FFIEC, ITIL or NIST.
- Exceptional written and verbal communication skills and a proven ability to translate security and risk for all levels of the business.
- Capacity to understand legacy and progressive technology and security controls, along with their respective risks. Working knowledge of technologies such as cloud computing and application security is required.
- Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Prior team leadership experience preferred.
- Experience with cloud environments such as Microsoft Azure preferred.
- Demonstrated problem-solving capabilities and the ability to manage complex local and international security requirements.
- Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
- Familiarity with state and federal privacy laws.
- Highly trustworthy; leads by example.
- Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or CGRC.
Required Experience:
Exec