The Custom Group of Companies ยท 1 day ago
VP, Cyber and Information Risk Review Specialist
Iselin, NJ
Full-time
Hybrid
Lead/Staff, Director/Executive
5+ years expThe Custom Group of Companies is a confidential firm seeking a VP, Cyber and Information Risk Review Specialist. This role is responsible for independent reviews of the company's Information Security and Data Management programs, as well as providing oversight and challenge to large-scale risk remediation efforts.
ConsultingHuman ResourcesLegalStaffing Agency
Responsibilities
Execute horizontal reviews of top information security risks, identifying gaps in control coverage and recommending control improvements to address identified gaps
Complete thematic reviews of information security and data management operational risk events and associated proposed actions to propose control enhancements that reduce risk of recurrence
Work with the Information Security and Data Management teams to review control capabilities against industry standards and lead efforts to strengthen the control environment in line with the evolving threat landscape
Review and challenge actions to address gaps, monitor progress of actions, and validate sufficiency of closure evidence
Prepare status reports as needed and present to Technology Leadership, Audit, and regulatory bodies as required
Review and challenge the sufficiency of planned actions to address identified problems, provide stated benefits, and meet regulatory expectations
Review and monitor the progress of actions and validate sufficiency of closure evidence
Prepare status reports as needed and present to Technology Leadership, Audit, and regulatory bodies as required
Actively present to various committees and forums to keep management educated on status of independent reviews, challenges to risk remediation efforts, and progress on control improvements
Be a respected point of contact to stakeholders across the business and technology functions in providing credible operational risk coverage for information security and data management risk
Review and challenge relevant policies, standards, and procedures related to information security and data management processes
Provide guidance and support to junior members of the team
Ability to influence and gain credibility with the business
Qualification
Required
5+ years of experience specifically related to information security and data management risk governance, operations, and risk management functions
Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment
Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security
Experienced working in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment
Experienced operating within a highly regulated environment, with a preference for experience at the international and federal levels
Deep knowledge of information security and data management risk and control frameworks and a strong understanding of related policies, procedures, guidelines, and structure
Functional expertise, with operational knowledge of and exposure to various current and emerging information security and data management areas such as: Cyber resilience, Identity & privileged access management, Secure coding practices, Cloud security configuration and control frameworks, Network security, Third-party risk management, Incident response, Threat/vulnerability management, Security architecture, Data governance, Data quality, Data architecture/lineage
B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent). M.S. desired
Relevant certification is desirable, e.g., CISSP, CISM, CISA
Working knowledge of information security and data management life cycles based on an established framework: CRI, NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA, DAMA-DMBOK
Proficiency in MS PowerPoint and Excel
Experience in broader MS Office suite, including Project and Visio is a plus
Experience with enterprise GRC tools, e.g. Archer is a plus
Judgement and decision making
Communication & Influence
Teamwork & Professionalism
Able to work independently, as required
Possess strong technical, analytical, and problem-solving skills
Provide thought leadership while willing and able to individually contribute to finding solutions
Self-motivated to exceed management expectations and objectives
Clearly communicate complex technical issues to both business and technical staff at all levels
Able to keep organized and detailed documentation
Confidence to effectively challenge points of view regardless of seniority or corporate title
Professionalism to seek out and embrace diversity of thought and experience
Strong collaboration skills to tackle complex security challenges that may span across multiple internal and external departments and groups
Able to effectively cope with change and comfortably handle risk and ambiguity
Tenacious resolve and positive attitude in challenging situations
Company
The Custom Group of Companies
For over 30 years, The Custom Group of Companies has been a leader in the recruitment industry, providing temporary/consulting, direct hire, and executive search services throughout New York.
51-200 employees
Funding
Current Stage
Growth StageLeadership Team
Andrew Norton
Managing Director/Partner
Company data provided by crunchbase