Senior Manager, Assurance, Cyber Risk
Ref No.: 17-00127
Location: New York, New York
HSI seeks a Senior Manager, Assurance, Cyber Risk for our client in NYC.

The Cyber Risk team is seeking a Senior Manager (SM) to lead overall development of an assurance program to evaluate, measure, and manage risks across our customer. The SM provides information security leadership in the design, development and implementation of the cyber risk management program, including: developing a risk management framework for assessing cyber risk across varying solution cells, designing an assurance program to gather and report on metrics, advising on policies and procedures and influencing the strategic direction for our client as a whole. The position requires an individual with strong security and business management skills. The SM will proactively work with our client's Cell and IT leadership to promote information security awareness and implement security practices that meet defined policies and standards for security.

Job Functions:
  • Develop the Cyber Risk Assurance Program, which includes reaching consensus with the central and cell-specific Information Security and Risk teams on the core components of risk management and compliance
  • Collaborate with the appropriate internal teams to facilitate the development of a standard risk assessment program to evaluate the effectiveness of cell-specific information security practices
  • Work directly with the key functional areas (Information Security, Risk Management, Legal, Compliance & Client Facing Teams) to ensure engagement and collaboration regarding solution development, implementation, execution and calibration.
  • Develop, maintain, communicate and provide guidance on firm security policies and standards; manage the policy exception process.
  • Work collaboratively with cell leadership, information security, and risk colleagues to identify appropriate levels of risk and develop appropriate risk treatment plans in line with overall firm cyber strategy.
  • Liaise with external agencies and other advisory bodies as necessary to ensure that the Firm maintains a strong security posture and privacy program, and to ensure that security programs are in compliance with applicable laws, regulations and policies.
  • Help lead data governance efforts that include data inventory, classification and implementation of security controls in support of privacy (GDPR) and security compliance.
  • Provide subject matter expertise to executive management on a broad range of information security standards and leading achievable practices, such as ISO, NIST CSF.
  • Develop relevant metrics to measure the efficiency and effectiveness of the programs, facilitate appropriate resource allocation and enhance the maturity of the security and compliance program.
  • Contribute to annual cyber strategy through definition of objectives and respective work stream requirements.

  • 10 years of experience in a leadership role in a combination of risk management, security and/or IT; 4-5 years of IS-related business experience at a Big 4 preferred
  • Hands-on experience with technical security concepts including authentication, authorization, data security, application security, cloud services and data governance.
  • Professional certification, such as a CISSP or CISM or other comparable information security credentials, is required.
  • Experience with privacy regulations such as GDPR preferred.
  • Experience with the following industry/regulatory requirements and frameworks: ISO27001/2, COBIT, SOC2, SOX, NIST 800-53, NIST CSF
  • Excellent written and verbal communication skills and ability to articulate and present information to all levels of management and to both a technical and non-technical audience
  • Demonstrated successful people leadership; strong interpersonal and collaborative skills
  • Critical thinker with strong problem-solving and analytical skills
  • Experience in partnering with IT teams from different disciplines in a combined effort to achieve project success
  • Comfortable in a fast-paced environment and simultaneously working across multiple projects