Information Security Officer

SoHo Dragon represents a  Fortune 500 Fintech company that needs to hire an Information Security Officer for a full time opportunity.

This is a hybrid role with 2 -3 days a week onsite.

Qualifications

• Working knowledge of relevant regulatory requirements and control frameworks (ISO, NIST, COBIT, COSO, ITIL, GLBA, PCI, FFIEC, etc.)

• Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security

• 10+ years of relevant experience

• Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams

• Ability to interpret and apply policies and regulations across a large, complex business

• Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker

• High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions

• Proficient with administration and productivity tools: Microsoft 365, Teams, JIRA, Confluence, SharePoint, Outlook, Word, Excel, PowerPoint, etc

• Familiarity with IAM concepts and software such as Ping and SailPoint

• Bachelor’s degree or equivalent experience

Responsibilities

•The Information Security Officer will be a member of the Global Business Solutions Technology organization and work closely with the line of business Chief Information Officer (CIO)/Chief Technology Officer (CTO)

•In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized information security risk-based discussions

•This relationship will ensure a focus on the right risk priorities

•You will also provide guidance on information security topics, policies and controls

•Develop and maintain an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, consumers, data, and customers

•Main contact and adviser for cyber security as part of IT leadership role and the IT business partners, infrastructure and architecture

•Act as a partner with the legal, compliance, and IT resources to establish an effective working relationship that enhances the security program effectiveness

•Implementation of the information security policies and procedures across the business unit

•Oversee, communicate, and carry out the technical implementations of solutions required for security for the objectives of the business

•Identify and take action on all non-compliance areas for improvement and facilitates the development and deployment of the solutions

•Active engagement with customers and clients to help a company toward objective achievements through representation of the security program, support for external and internal auditing, and helping in the case of a security incident as a main contact for communication

•Offer reporting on a regular basis on cybersecurity status across the business unit of responsibility

•Act as the main contact for escalation of inquiries, security issues, and security issues

•Coordinate with Crisis Management and Security Incident Response teams to help drive resolutions for incidents and assist with investigations

•Offer guidance for cybersecurity across regions and functions

•Act as a driver for remediation activities across the business unit

•Develop a technical roadmap in collaboration with Cyber Security Engineering and Cyber Defense Operations teams

•Work with Information Risk Management and Compliance team for policy development and regulatory compliance

•Help to translate and implement information security policies

•Act to coordinate Service Level Management for cybersecurity and assurance