Description

Note: This position follows our hybrid-friendly schedule, so you get the best of both worlds – flexibility and collaboration. In office days will be 2-3 per week averaging 10-12 days per month in one of the following locations: St Petersburg, FL; Denver, CO; Memphis, TN; or Southfield, MI.

Job Summary:

As part of the Technology Risk and Assurance division, the Associate Director will lead the security assurance program, which focuses on penetration testing and other security assessments to inform the firm’s security posture. The role will be responsible for vendor interactions including overseeing security assessments and validating reports. Implements and maintains on-going programs and processes to test the design and operational effectiveness of IT controls. Responsible for ensuring IT assurance and compliance-related activities are completed following industry standards and regulatory requirements. Demonstrates subject matter expertise and is able to integrate domain knowledge with an understanding of financial services standards and practices. Is the primary on the most complex or escalated issues and may provide direction and guidance team members. Applies specialized business knowledge and technical skills to significant deliverables and projects that involve multiple IT departments, and business units and have enterprise impact. This role will manage a small team (3-5 associates) who primarily focus on penetration testing.

Essential Duties and Responsibilities:

• Seeks understanding of security risks and develops plans for assessing controls in place to address those risks.

• Represent CISO and Information Security organization internally and externally as lead for the penetration testing program.

• Serves as an information risk and control advisor, participating in IT processes and activities (e.g., planning, systems development and product selection, etc.).

• Advises process owners on design and implementation of IT controls (manual and automated) into processes and systems using knowledge of risks and company objectives.

• Identifies, implements, and maintains processes and tools to support assurance, and compliance, and remediation tracking activities (e.g., testing, maintenance of controls documentation).

• Maintains IT controls-related documentation (e.g., narratives, process flows, RCM) for simple to complex information systems in support of information assurance and compliance activities.

• Analyzes controls for adequacy of design and performs and/or supports control assurance testing activities.

• Assists IT process owners in the creation and maintenance of IT policies and procedures to support information assurance and regulatory compliance activities, by providing input on control objectives and activities.

• Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure IT compliance.

• Performs other duties and responsibilities as assigned.

Qualifications

Knowledge, Skills, and Abilities:

• Strong background in information security, with a specific focus or experience in performing or managing penetration testing.

• Strong project management and organizational skills required, such as ability to multi-task and manage multiple vendor engagements at once, manage budgets and vendor proposals.

• Report writing and technical writing skills must be strong as well to ensure report quality and track vulnerabilities through remediation.

• Ability to lead or manage several team members and contractors, and work with various IT teams to report on and mitigate findings resulting from security assurance engagements, such as security vulnerabilities.

• Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.

• Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.

• Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that is consistent with available facts, constraints and probable consequences.

• Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas; remains current with developments and trends in areas of expertise.

• Develop and use collaborative relationships to facilitate the accomplishment of work goals.

• Make internal and external clients and their needs a primary focus of actions; develop and sustain productive client relationships.

Education/Previous Experience:

• Minimum of a Bachelor’s degree in Information Security, MIS or related degree and ten (10) years of relevant experience including management or leadership experience or an equivalent combination of education, training and experience.

• Experience within a highly regulated environment such as Financial Services is preferred.

Licenses/Certifications:

• Information Security certifications such as CISSP, CISM, Security , Network , Linux , GWAPT, GCIH or other SANS certifications are required.

• Technical certifications such as OSCP, PenTest , GPEN, CEH or other penetration testing certifications highly preferred.

Job: Technology

Primary Location: US-FL-St. Petersburg-Saint Petersburg

Other Locations: US-CO-Denver-Denver, US-MI-Southfield-Southfield, US-TN-Memphis-Memphis, US-FL-St. Petersburg-Saint Petersburg

Organization Technology

Schedule Full-time

Job Shift Day Job

Travel Yes, 10 % of the Time

Req ID: 2403427