Director, Information Security Risk Management jobs in United States
This job has closed.

The Custom Group of Companies · 10 hours ago

Director, Information Security Risk Management

The Custom Group of Companies is seeking a Director of Information Security Risk Management to lead the implementation of risk management frameworks aimed at mitigating information security risks. This role involves collaborating with various teams to enhance the control environment and providing oversight of information security risks across the organization.

Consulting, Human Resources, Legal, Staffing Agency

Responsibilities

Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability
Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape
Identify opportunities to reduce the risk of recurrence of incidents and events through process evaluation and improvement plans
Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk
Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting
Lead in executing oversight of information security risks by performing the following:
Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls
Review and monitor the progress of actions and validate appropriateness of closure evidence
Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence
Document credible challenge of information security risk appetite to support the Enterprise Risk Management (ERM) program
Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite
Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required
Lead in executing project oversight for information security risks by performing the following:
Provide challenge of risk management of material information security projects that may impact the firm's risk profile
Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects
Review project benefits and closure artifacts in preparation for transition to BAU
Actively present to various committees and forums to keep management educated on changes to risk appetite
Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk
Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape
Maintain and oversee relevant policies, standards, and procedures related to security processes
Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development
Provide guidance and support to junior members of the team
Interact with and present to regulatory bodies in regular continuous monitoring meetings
Ability to partner, influence, and maintain credibility with the business

Qualification

Information Security Governance, Operational Risk Management, Cybersecurity, Risk Management Frameworks, CISSP, CISM, CISA, CRISC, MS PowerPoint, MS Excel, Cloud Security, Incident Response, Network Security, Identity Management, Soft Skills

Required

10+ years of experience specifically related to information security governance, operations, and risk management
Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security
Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements
Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment
Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure
Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as: Cyber resilience, Identity & privileged access management, Secure coding practices, Incident response, Artificial Intelligence, Third-party risk management, Cloud security configuration and control frameworks, Threat/vulnerability management, Network security
B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent)
Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC
Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA
Proficiency in MS PowerPoint and Excel

Preferred

Experience in the broader MS Office suite, including Project and Visio, is a plus
Experience with enterprise GRC tools, e.g., Archer, is a plus

Company

The Custom Group of Companies

For over 30 years, The Custom Group of Companies has been a leader in the recruitment industry, providing temporary/consulting, direct hire, and executive search services throughout New York.

Funding

Current Stage
Growth Stage

Leadership Team

Andrew Norton
Managing Director/Partner
Company data provided by crunchbase