Vice President Information Security

Vice President - Senior Information Security AnalystLocation: Onsite in NYC Midtown, 5 days a weekThis role also supervises and delegates tasks to Jr. Information Security Team MembersKey Responsibilities:Develop and maintain comprehensive security manuals.Supervising and delegating tasks to at least 1-2 IS Team membersOversee daily monitoring of Data Loss Prevention tools such as Trellix EPO and TMS.Use Spirion to create and run scans for detecting files containing Personally Identifiable Information (PII) and ensure compliance with the data retention policy.Manage Privileged Access Management (PAM) and generate reports.Lead weekly IT meetings to discuss vulnerabilities, patches, and alarms triggered by security tools.Stay updated on potential threats by monitoring sources like the Qualys Threat Protection Feed and CISA alerts, and ensure appropriate actions are taken to protect the network.Collaborate with control owners to remediate identified deficiencies and track their progress.Contribute to the enhancement of the Information Security program, focusing on increasing its maturity through strategy development and process improvements.Support efforts in assessing, managing, and remediating information security risks related to IT infrastructure, applications, platforms, and suppliers, ensuring clear requirements and timelines are established.Regularly report on remediation progress to the Chief Information Security Officer (CISO) or Chief Risk Officer (CRO).Conduct vulnerability scans using Qualys and monitor for new and existing threats, collaborating with IT and users to address them.Prepare and present daily, weekly, and monthly security reports to identify issues and ensure timely remediation.Lead risk assessments, audits, governance efforts, and policy reporting, preferably in a financial institution context.Assist in aligning security controls with organizational policies, procedures, and processes, and ensure their proper testing for adequate coverage.Monitor system events daily to detect and respond to potential malicious activities.Review and approve firewall rules using Tufin.Analyze system events through the AlienVault SIEM and follow up on detected issues.Monitor the network for malicious activity or exploitation using Tipping Point IPS.Liaise with vendors for troubleshooting and maintaining security tools.Qualifications:7+ years of experience in managing information security governance, risk, and compliance.Bachelor's degree Security certifications (e.g., CISSP, CISA, CISM, CEH) are advantageous but not mandatory.Solid knowledge of security frameworks such as NIST, SOC2, ISO, FFIEC, and NYDFS-Part500.Strong communication, presentation, and writing skills, with fluency in English.Experience with Governance, Risk, and Compliance (GRC) tools like RSA Archer.Proficient in Microsoft Office applications.Mandarin speaking is a big plus

Created: 2025-01-28