* Strong InfoSec person. CISM, CISSP
Works in partnership with enterprise architecture, application delivery and support teams, quality services, technology operations, and associated 3rd party vendors to engineer and support the implementation and strengthening of efficient, reliable, scalable, and well managed systems. The scope of work includes the full technology stack from the Application down to the computer and network tiers across all technologies and platforms. The resource will provide team and technical leadership to manage security efforts and drive improvements to not only stay ahead of increasing security threats, but also contribute to a reduction of overall risk posture.
Responsibilities include:
Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 27002, CobiT and ITIL.
Providing business, data, application and technology consulting in pre-feasibility and feasibility discussions with IT team members and business partners.
Providing technical leadership and guidance to the IT teams for project level architectures and design work.
Act as a liaison with other enterprise governance groups (architecture, Third Party Management, Information Data Mgmt, etc.).
Create and manage information security and risk management awareness training programs for employees, contractors and approved system users.
Work directly with business units to facilitate IT risk analysis and risk management processes; identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
Enhance incident response and crisis management process, and manage response to incidents consistently, protecting corporate IT assets, including intellectual property, fixed assets and the companys reputation.
Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
May also perform security assessments or advise on software configuration in support of system security requirements. Includes all functions related to enterprise-wide data security risks.
Qualifications:
knowledge of diverse technologies and new and current architectures
Excellent strategic application of experience; Demonstrated experience leading and generating unique solutions within the financial services industry
Preferred Certifications: Professional information security certification, CISM, CISSP, etc.
Experience with datamarts, operational data stores, data warehouses, and related technologies (eg. Teradata, Oracle, DB2, SQL)
Experience with business intelligence (BI) tools (eg. Business Objects, OBI) for reporting, trend analysis, root/cause analysis, correlation analysis and other BI functions
Miscellaneous technical experience with Linux, Windows, IBM Mainframes, Virtualization, Superdome, grid, cloud computing, solid state disk.
Advanced demonstration of diagnostic skills across a broad number of technologies and platforms
Ability to effectively communicate across multiple levels (Executive Sponsors to team members)
Ability to communicate technical issues to non-technical individuals
Demonstrated ability to work with and coordinate efforts among multiple outside third parties.