VP, Information Risk Management
Ref No.: 18-01441
Location: Livingston, New Jersey
The Information Risk team sits within the Risk Management organization and serves as the 2nd line of defense to front line technology, operations, and business units for Information and Cyber Security. The team is responsible for governance, oversight, and providing credible challenge to ensure Cyber and Information Security Risks are properly managed and governed within the Information and Cybersecurity Program.

As Vice President, your primary responsibility will be designing, managing, and/or performing scenario-based assessments to determine the effectiveness of the program. These activities include coordinating independent penetration tests, leading tabletop exercises, and coordinating cyber war games. Strong communication skills will be essential, as you will need to speak to both technical and non-technical audiences, often translating technical issues to demonstrate risk.

Responsibilities will include:
  • Participating in regulatory assessments & audits (FFIEC, GLBA, SOX, HIPAA, PCI)
  • Providing guidance and governance to Information Technology (IT) teams to drive a risk-aware culture
  • Participating in daily security briefing calls
  • Collaborating with IT Security teams to develop actionable metrics as a result of the Threat & Vulnerability Management program
  • Coordinating Incident Response, pulling in and working with appropriate support groups (Legal, IT Security, and HR) as needed.
  • Bachelor's Degree in Management Information Systems, Information Systems Auditing, or other related fields, or equivalent work experience, is required
  • Excellent PC skills and demonstrated proficiency with MS Office Suite.
  • Ability to work independently with or without direction and/or supervision.
  • Ability to multitask and prioritize work assignments in a time-sensitive environment with flexibility and adaptability in work approach.
  • Working knowledge of IT Security Technology is preferred but not required (e.g., firewalls, proxies, IDS/IPS, DLP, Vulnerability Scanning Tools)
  • Familiarity with the Common Vulnerability Scoring System (CVSS) and other Vulnerability Management Databases (e.g., CVE, CWE, NVD) is a plus
  • Effective organizational skills including attention to detail and the ability to drive change
  • Effective stakeholder management
  • Ability to translate regulatory requirements into practical considerations and solutions for GRC processes, risk management, and control management.
  • Working knowledge of auditing (ISACA), cyber and information security frameworks (NIST, FFIEC, ISO27001, ISO27002), IT Best Practices (ITIL), and regulatory guidance (GLBA, PCI-DSS) is a plus
  • Familiarity with three lines of defense within a financial institution is required.
  • Prior experience working with Internal Audit and external regulators (e.g. OCC, FRB) is highly preferred.
  • Minimum of 7 years of professional experience in a related field
  • CISSP, CISA, CISM certifications are a plus