
Technology and Cyber Security, Sr. Risk Specialist

IDB

New York, NY
Full Time
Paid
  • Responsibilities

    Job Description

    Technology and Information/Cyber Security are primary areas of focus for IDB Bank. In the second line of defense, this position reports to the Bank’s Chief Information Security Risk Officer (CISRO) and is a key member of the CISRO’s team. This position is stationed in New York City supporting the Bank’s Technology Vision and Cyber Security Programs serving our domestic and international locations.

    The purpose of this position is to lead various technology and information/cyber security risk activities to enhance the overall risk posture of the bank. Among others, some of the key activities include:

    • Perform detailed technology and cyber risk analysis (using various analytics) and provide an effective second-line challenge. In addition, ability to build queries to analyze risk data, connect the dots and validate the Bank’s control posture.
    • Perform full range of technology and information and cyber security risk management lifecycle activities, including risk identification, assessment, reporting and oversight of remediation planning and execution.
    • Extensive experience in conducting technical risk assessments at various layers, including, application, database, O/S, network, infrastructure, cloud, etc.
    • Develop, implement, enhance and manage second line risk framework for technology and cybersecurity, using standard framework and taxonomy, such as FAIR.
    • Conducting various security awareness training sessions throughout the Bank on a frequent basis.
    • Ability to analytically evaluate technology root cause analysis on technology and cyber incidents.

    The candidate shall maintain the highest ethical standards and adherence to established rules of engagement.

    KEY RESPONSIBILITIES:

    A strong technical background will enable comprehensive strategic and core risk related conversations with technical audiences while building confidence with business stakeholders and Bank’s leadership when identifying risk and proposing respective remediation plans.

    • Perform full range of technology and information and cyber security risk management lifecycle activities, including risk identification, assessment, reporting and oversight of remediation planning and execution. E.g. third-party, application, database, infrastructure, network penetration testing, etc.
    • Build and maintain relationship with multiple stakeholders, including Infrastructure & Application Development, Enterprise Risk, Human Resources, Legal, Compliance, etc.
    • Partner with Head Office and first line teams (CISO and IT Ops Risk) to implement and execute the risk plans.  
    • Building, managing and reporting Key Risk Indicators and Key Performance Indicators. Review metrics (KRIs/KPIs) meticulously through detailed analysis of risk data to measure the effectiveness of the services being utilized, and recommend and coordinate implementation of changes to the risk program.
    • Building, implementing, conducting, managing, and reporting on phishing campaigns, frequently.
    • Conducting, managing and reporting on various security awareness training throughout the Bank on a frequent basis.
    • Excellent communication skills and strong confidence in conducting live training sessions and responding to Q&As.
    • Developing and managing Information Technology & Information Security Risk Program, using standard risk taxonomy, such as FAIR.
    • Building, implementing, assessing, managing and reporting against various frameworks and regulatory models, such as NIST CSF, NIST 800-53, MITRE ATT&CK, Kill Chain, STRIDE, NYDFS 500, FFIEC CAT, FIL-50, etc.
    • Ability to build queries to analyze risk data and control posture information.
    • Experience integrating vulnerability and patch management tools with IT/IS risk program. Furthermore, communicate and determine vulnerability remediation priorities.
    • Ability to perform root cause analysis on technology and cyber incidents.
    • Experience developing, implementing or setting risk requirements and assessments with GRC management tools.
    • Process automation and orchestration.
    • Preparing MS PowerPoint materials related to Technology and Information Security risk reporting for the CISRO, CRO, Enterprise Risk, CEO and the Board’s Risk Committee.
    • Demonstrate effective project management in on-boarding, coordinating, managing and reporting status on technology and security risk projects, including third-party vendors.
    • Effectively managing end-to-end, the Bank’s technology and Information Security risk register.
    • Deputizing CISRO Team’s tasks, if and when needed.
  • Qualifications

    Qualifications

    This role requires skills and experience related to information technology, information security and effective communication and presentation skills. To be successful in this position you must have the following skills and qualifications:

    PROFESSIONAL QUALIFICATIONS & EXPERIENCE

    • 15-25 years of solid experience in Technology Risk and Cyber Security Risk.
    • Extensive knowledge of information technology and information security processes and controls.
    • Strong technical knowledge and confidence in communicating with highly technical audiences.
    • Bachelor’s degree in Computer Science or related technical discipline or equivalent work experience.
    • Security certifications required such as CISSP, CISM, CISA, CRISC, CEH, or equivalent.
    • Excellent communication skills and strong confidence in developing and conducting effective live security training sessions.
    • Strong interpersonal skills, including:
      • Excellent communication, written and presentation skills
      • Highly meticulous and detail-oriented
      • Ability to multi-task effectively
      • Ability to complete projects and perform daily tasks with minimal supervision
      • Ability to set and meet deadlines
    • Demonstrated experience in developing and managing Information Technology & Information Security Risk Program, using standard risk taxonomy, such as FAIR.
    • Demonstrated experience in implementing, building, assessing, managing and reporting against the NIST CSF, NIST 800-53 and MITRE ATT&CK frameworks.
    • Demonstrated experience in implementing and reporting against various regulatory security models, such as NYDFS 500, FFIEC CAT, FIL-50, etc.
    • Ability to build queries to analyze risk data and control posture information.
    • Experience integrating vulnerability and patch management tools with IT/IS risk program. Furthermore, communicate and determine vulnerability remediation priorities.
    • Ability to perform root cause analysis on technology and cyber incidents.
    • Experience developing or setting requirements with GRC management tools.
    • Current understanding of best practices, management techniques, emerging risks and industry trends within responsibilities described above.
    • Proven ability to pull a diverse group of individuals with different goals together to facilitate, moderate, and influence productive discussions driving towards results.
    • Demonstrated experience in leading, managing, tracking and reporting technology and security related projects.

    TECHNICAL SKILLS:

    • Solid hands-on experience with various security tools, platforms and techniques.
    • Solid understanding of cyber security threats, defenses, motivations and techniques.
    • Solid technical understanding of technology risk and cybersecurity risk at various technology layers, including cloud, application, database, O/S, network, infrastructure, etc.

    Additional Information

    DISCLAIMER

    The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.

    All your information will be kept confidential according to EEO guidelines.

    DUE TO COVID-19, WE ARE NOW OPERATING ON A HYBRID SCHEDULE. WE VALUE THE SAFETY OF OUR EMPLOYEES BECAUSE WE’RE ALL IN THIS TOGETHER.

    NO AGENCIES PLEASE.

    IDB BANK, INCLUDING ITS SUBSIDIARIES AND DIVISIONS, PROVIDES EQUAL EMPLOYMENT OPPORTUNITIES TO ALL EMPLOYEES AND APPLICANTS FOR EMPLOYMENT WITHOUT REGARD TO RACE, COLOR, RELIGION, SEX, SEXUAL ORIENTATION, NATIONAL ORIGIN, AGE, DISABILITY, GENETIC STATUS, CITIZENSHIP STATUS, MARITAL STATUS, MILITARY OR VETERAN STATUS, CURRENT UNEMPLOYMENT OR ANY OTHER LEGALLY PROTECTED CATEGORY IN ACCORDANCE WITH APPLICABLE FEDERAL, STATE AND LOCAL LAW. NOTHING IN THIS SITE CONSTITUTES A PROMISE OR OFFER OF EMPLOYMENT.