VP - Information Security Risk Manager
CLS Group - Iselin, NJ
Job Description
Job information:
Functional title: Information Security Risk Manager
Department: Risk Management
Corporate level: VP
Report to: Director, Information Security Risk Manager
Location: NJ

What you will be doing:
Review and Credible Challenge - Provide independent review and effective challenge of the IT Security department's information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, incident management, metrics and key risk indicators, risk appetite, operational risk issue management, and associated reporting.
Risk Identification - Identify and assess cyber and information security risks and incidents related to key systems supporting CLS services and the broader impact to the financial ecosystem.
Risk Assessments - Assess whether new/existing cybersecurity activities and controls utilized by CLS are designed and implemented effectively to verify that risks are mitigated to targeted levels.
Mitigation - Provide subject matter expertise to business units to drive ownership and progress of corrective action plans.
Monitoring - Review metrics, external events, and escalation reports to monitor risk and control-related developments, issues, and trends in the management of cybersecurity, technology, and information security risk for CLS.
Governance - Actively present to various committees and forums to keep management informed on changes to CLS risk appetite.
Project Oversight - Embed in various projects to challenge design, requirements, and go-live criteria to reduce impact of transformation risk.
Relationship Management - Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
Advisory Services - Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.
Mentorship - Provide guidance and support to junior members of the team.

What we're looking for:
At least six years of experience specifically related to information security governance and operations, and/or risk management.
Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
Comfortable working in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
Experience operating within a highly regulated environment, with a preference for experience at the international and federal levels.
Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as:
  Artificial Intelligence
  Identity & privileged access management
  Secure system development lifecycle
  Cloud security configuration and control frameworks
  Network security
  Third-party risk management
  Incident response
  Threat/vulnerability management
  Security architecture

Professional qualifications / certifications:
B.S. in a technology discipline (e.g. Computer Science, Information Systems Management, Computer Engineering)
Professional information security certification (e.g. CISSP, CISM, CISA)
Working knowledge of risk management lifecycles based on established frameworks such as NIST CSF, NIST SP 800-53, and/or ISO 27001
Experience with enterprise GRC tools (e.g. RSA Archer) is desirable
Created: 2025-03-08