Referenz: NFIDO0627_1656346509

Information Security Officer - Hybrid in NYC or CT

USA

  • Up to $150,000 USD
  • Other Stelle
  • Fähigkeiten: CyberSecurity, Risk Management
  • Level: Senior

Jobbeschreibung

Information Security Officer - Hybrid in NYC or CT

NFIDO0627_1656346509

Job Title: Information Security Officer
Job Type: Full-time, Permanent
Location: Hybrid in NYC or Stamford, CT



Summary

We are a leading provider of strategic advice and shareholders services to corporate clients around the world. The firm provides corporate boards and executives with strategic advice and services relating to a broad range of activities, including mergers and acquisitions, annual and special meetings, shareholder activist initiatives, multinational cross-border equity transactions and debt restructuring services. From headquarters in New York and London, and offices and partners in major capital markets, we serve more than 1,000 corporate clients in 80 countries, including many of the world's largest multinational corporations. In addition to publicly listed and private companies, its clients mutual funds, ETFs, stock exchanges and membership associations.

We are currently looking for an experienced Information Security Officer to lead the development and implementation of our information security program, which includes procedures and policies designed to protect enterprise communications, IT systems, and company and customer assets from both internal and external threats.

Responsibilities include, but are not limited to:

* Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals
* Develop, implement, and monitor a comprehensive enterprise information security program that aligns with strategic plan and best-in-class compliance and industry requirements
* Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action
* Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings with appropriate compliance business partners
* Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and company's reputation
* Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
* Develop, implement and enhance an up-to-date information security management frameworks
* Create, implement and manage confidentiality, data safeguarding and data retention policies and procedures
* Develop, maintain, and roll out training and activities for information security awareness within the organization
* Evaluate security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary
* Provide regular reporting on the current status of the security program to relevant stakeholders as part of a strategic enterprise risk management program. Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security
* Support strategic growth domestically and internationally

Education & Qualifications

* Bachelor's degree or equivalent program in Computer Science, Business Information Systems, Information Security or Information Technology
* Relevant Professional certification essential: CISSP, CISA, CISM, or CRISC
* Minimum 10 years in a Senior Information Security or similar role
* Experience in setting up and managing information security in a financial services organization
* Excellent knowledge and experience of ISO27001, SOC2, GDPR and NIST
* Knowledge of national and international laws, regulations, policies and ethics as they relate to cybersecurity
* Knowledge of Risk Management Processes (eg methods for assessing and mitigating risk)

Skills and Experience

* Experience in working in global organizations is an advantage
* Demonstrated ability to build successful cybersecurity programs in a consulting or financial services environment
* Expert understanding of cybersecurity concepts, principles and practices
* Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
* Excellent conceptual problem-solving skills with demonstrated ability to bring structure to vaguely defined problems, pragmatically scope problems and manage execution
* Organizational and political agility; developed negotiation and influence skills
* Unquestionable personal code of ethics, integrity, diversity and trust
* Able to successfully navigate within varying degrees of ambiguity in a fast-paced environment
* Experience of formal risk assessment methodologies
* In depth understanding of networks, databases and business applications as they relate to security. Excellent understanding of computer networking concepts and protocols, and network security methodologies
* Ability to work in a cross-functional matrix environment
* Excellent understanding of vulnerability management and associated tools and solutions
* Keeps up to date on all matters pertaining to IT security
* Knowledge of leading practice incident management processes
* Solution driven with demonstrated ability to meet deadlines and delivery results

Please email d.orihuela@nigelfrank.com for immediate consideration!