Who we are looking for
We are looking for a highly skilled and experienced Cybersecurity Risk Manager to perform second-line risk oversight over State Street's Offensive Security Program. You will collaborate with peers in Global Cyber Security (GCS) to ensure risks are being reduced through Red Team and Purple Team exercises, threat hunting and application penetration testing. The Offensive Security Risk Manager will be part of a high-performing Second Line of Defense team focused on reducing cyber security risk and maturing State Street's offensive security capabilities and reporting. This position reports directly to the Cyber Technology Risk Managing Director under the Chief Technology Risk Officer (CTRO).

What you will be responsible for
Perform cyber security risk management for State Street's offensive security capabilities.
Collaborate with GCS and business units on the mission objectives, attack plans, and execution of enterprise-level penetration tests.
Review and analyze reports provided by penetration testers to identify remediation activities to be performed.
Coordinate with the business on the results of penetration tests and provide oversight of issues and remediation identified as part of the Archer Finding Governance process.
Produce reports, dashboards and metrics to measure the effectiveness of State Street's offensive security capabilities.
Build and nurture positive working relationships with the intention of exceeding stakeholder expectations.

Basic Qualifications:
5+ years of security testing experience (red teaming, cloud security, application security, or network security)
Foundational understanding of risk management tools (Material Risk Identification, Risk and Control Self-Assessments, and Key Risk Indicator methodology)
Bachelor's degree in computer science, information technology, information systems, or equivalent
Relevant certifications, such as CISSP, CRISC, GPEN, or OSCP, highly preferred.
Preferred Qualifications:
8+ years of security testing experience (red teaming, cloud security, application security, or network security)
5+ years of experience with threat modeling concepts and cyber security frameworks (CVSS, MITRE ATT&CK, DREAD, or STRIDE)
Knowledge and working experience of the NIST Cybersecurity Framework (CSF) and NIST SP 800-53
Good understanding of state-of-the-art IT and cyber security products, services and technologies, as well as their respective impact on the organization's risk profile at scale
Ability to translate technical issues into risk terms that the business can understand is absolutely necessary
Experience managing a global team of risk professionals
Good understanding and knowledge of IT infrastructure, systems, processes and emerging technologies such as cloud, converged infrastructure, etc.
At least two of the following certifications highly preferred: CISSP, CRISC, GPEN, or OSCP

Salary Range: $140,000 - $222,500 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
03/27/2024
Full time
Sr Director Information Security and Risk Management
Reporting to the VP and Chief Information Security Officer, the Sr. Director Information Security and Risk Management serves as a strategic leader for Advantage Solutions and is a key collaborator and partner with members of the leadership team in IT Security. The leader is a key contributor to the IT Security team and Advantage Solutions' overall strategy and goals by providing consistent, coordinated leadership and operating in partnership with leaders, stakeholders, and partners.

Job Duty
The Sr. Director, Information Security Risk Management's responsibilities include but are not limited to:
Support the strategic initiatives of Advantage Solutions' Information Security and Risk Management program, designed around the defense-in-depth principle.
Lead the independent risk assessment of partners, suppliers, technology, security, and resilience programs and provide effective challenge to the design and execution of technical and procedural controls.
Engage within and outside the organization to conduct external benchmarking, maintain situational awareness of the latest risks, regulatory changes, etc., and assess for gaps in current practices.
Lead the development of enterprise information risk metrics (e.g. KRIs and KPIs) to continuously monitor, manage and improve program-level risks.
Assure alignment of operational initiatives to Advantage Solutions' Information Security Risk Standards and Policies.
Consult as a senior advisor for our enterprise risk management capabilities regarding information risk.
Participate in the department's financial tracking and budget preparation.
Support the CISO in the development and communication of strategy, roadmaps and initiatives to various executive audiences.
Establish key functions of the Enterprise Governance, Risk, and Compliance Management program with a focus on protecting the company's assets.
Lead enterprise information strategies, planning, and priorities to expand our existing strategic risk management capabilities into the next level of tactical risks in cyber and business continuity, allowing us to identify and manage risks effectively.
Develop, implement, monitor, and report on all aspects of enhanced and robust policies, standards, controls, Third-Party Risk Management, Vulnerability Management, Identity and Access Management, Project Risk Assessment, and Compliance assurance capability.
Lead the development and implementation of information security policies, standards, controls, and compliance programs to meet regulatory and audit objectives.
Identify potential areas of security and compliance vulnerability and risk; develop and implement corrective action plans to resolve problematic issues and provide general guidance on how to avoid or deal with similar situations in the future.
Identify and evaluate the organization's risk areas and provide key input to the development of internal controls.
Provide and coordinate subject matter expertise during development or refresh of information security policies, standards and other guidance, as necessary.
Develop reporting processes to communicate the progress of in-flight initiatives, risks and planned initiatives to senior executives and stakeholders in other business units.
Identify risks within the scope of the discipline, including emerging technology, mergers and acquisitions, sales and marketing, architecture, governance, and use of technology platforms.
Partner with cross-functional business units to develop, initiate, maintain, and revise policies and procedures to ensure world-class security in the operation of enterprise compliance.
Partner with cross-functional operational business partners to oversee risk management frameworks and identify shifts in the organization's implicit risk appetite.
Hire, retain, train, coach, guide, direct, and develop direct reports using company-wide processes, tools, and resources.

Qualifications
15+ years' experience in the IT Security and Risk area, with 8+ years in IT Security leadership/management
Industry knowledge of information risk management principles and organizational requirements relevant to the confidentiality, integrity, and availability of data
Requires broad management knowledge to lead project teams in one department/function or a large centralized function. In addition, requires business acumen, strategic thinking, financial analytical skills, and decision-making skills.
Master's degree preferred, or a combination of relevant work experience and education
One or more certifications preferred (CISM, CRISC, data privacy)
08/29/2021
Full time
As the Business Information Security Officer (BISO) of S&P Dow Jones Indices, you will be the Cyber Security & Assurance team's primary point of contact for the division, responsible for the development, communication, compliance and governance of the divisional security strategy, roadmap and policies, in alignment with the organization's overall security objectives. This position will report to the CTO of S&P Dow Jones Indices.

Responsibilities
Develop and maintain the overall security strategy of the division
Ensure that the division's technology (IT) priorities align with the overall security strategy
Acquire and manage leadership support and financial resources to support the security transformation and governance priorities of the division
Engage with the Global Information Security policy team as the primary point of contact for the division and ensure that the division's security policies and priorities align with those of the overall organization
Manage and communicate the divisional security roadmap
Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies
Monitor and evaluate the effectiveness of the division's cybersecurity safeguards to ensure that they provide the intended level of protection
Ensure that security requirements specific to information technology (IT) systems are included in all phases of the system life cycle
Engage with the CIRT team to properly address and manage cybersecurity incidents or vulnerabilities
Ensure that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements
Establish a mature security posture within the division

Experience/Skills:
5+ years in a senior security leadership role
10+ years of experience working in a security-focused role in the technology industry or another technology-heavy industry (e.g. financial services)
Bachelor's degree in Computer Science, Information Systems, Engineering or a related discipline
Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) certification preferred
Detailed understanding of IT risk and information security fundamentals, risk assessment and risk management fundamentals, modern networking technologies and IT security controls
Working knowledge of:
Cloud computing architectures and the associated security designs and challenges
Common open source libraries and technologies (e.g. Kafka, Spark, Hadoop) and how to effectively harden them
Common web application development technologies (e.g. Java, PHP, Python, etc.) along with tools and processes to enable teams to develop safely
NIST security controls frameworks
Ability to interpret and apply laws, regulations, policies, and guidance relevant to the organization's cyber objectives
Ability to exercise judgment when policies are not well defined

S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: and your request will be forwarded to the appropriate person. The EEO is the Law Poster describes discrimination protections under federal law.
102 - Senior Management (EEO Job Group) (inactive), 10 - Officials or Managers (EEO-2 Job Categories-United States of America), IFTECH102 - Senior Management (EEO Job Group)
Job ID: 255641
Posted On: 2020-12-15
Location: New York, New York, United States
01/21/2021
Full time
Job Description
The Sr. Director Information Security establishes and maintains the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected. The Sr. Director serves in the role of Chief Information Security Officer (CISO) and is responsible for all IT security aspects of the organization's information technology and systems, including policies, standards, and oversight of security operations management. The Sr. Director Information Security demonstrates expertise in the healthcare business, understands the hospital-related technical and business environment, and has familiarity with federal regulations (HIPAA, HITECH) and national standards (HITRUST), as well as experience with auditing, risk management, vulnerability assessments, contract/vendor negotiations, cyber security and incident management.

In the role of the CISO:
Develops the Information Technology Security Strategic Plan and Program
Determines the most critical areas to address
Designs, updates and supports implementation of information security policies and standards
Provides interpretations of current policies for specific situations as they arise
Develops business cases for security initiatives
Plans, executes and evaluates security programs
Monitors security trends and legislation locally and nationally
Prepares cost and budget estimates
Coordinates internal and external security audits
Oversees incident response planning and security breach investigations
Serves as Chief Incident Manager to whom incidents are reported
Serves as Incident Management Lead on critical incidents
Supervises development of security awareness and training programs

Qualifications
Bachelor's degree required, master's degree preferred (major in a computer science related discipline or information systems discipline preferred)
Fifteen years' information technology experience, including 5 years of management experience, with a solid background in enterprise-wide information security protection.
Five years' people management experience, including hiring, coaching, and developing internal staff members and managing external resources to achieve goals and deliverables.
Demonstrates understanding of overall hospital operations and how work is accomplished between departments and divisions, and its implications for IT infrastructure development.
Proven ability to lead and influence the organization's leaders to support efforts and implementation of strategic initiatives that impact the organization's performance, systems, processes and structure.
Please forward your resume to for immediate consideration. - provided by Dice
09/30/2020
Full time