Cybersecurity Program Governance Coordinator

The Information Security Governance Team is primarily responsible for developing, planning and executing the organization’s information security strategy. The team is required to coordinate and interact with a wide range of representatives across the organization to obtain an understanding of the evolving risks, risk appetite and controls present in the organization. This team must generate reports and other forms of communication that clearly articulate the information security posture of the organization. The reports generated shall be based on analysis of the set of underlying metrics. These metrics shall be leveraged to tell a story about the security posture, specifically calling out areas in need of additional attention. The governance team also maintains responsibility for tracking action plans and other activities that contribute to improving the overall security posture of the organization.

Responsibilities:

  • Coordinate with cybersecurity program committee members and associated stakeholders to maintain meeting agendas, ensure timely data collection and preparation, and raise issues in advance of meetings
  • Design, develop and appropriately distribute information security reports and presentation materials
  • Track committee meeting activities, including the timely distribution of minutes and action plans
  • Coordinate with appropriate managers to drive process development and improvement initiatives
  • Assist in development of accurate and relevant information security process and operational metrics
  • Actively participate in efforts to enhance the governance structure, including the automation of metric-driven reports and associated activities
  • Monitor the effectiveness of the enterprise-wide information security program
  • Produce monthly dashboards and reports, and validate and submit appropriate metrics
  • Maintain a calendar of events associated with the regional and global Cybersecurity program
  • Develop sustainable processes and controls as required for the Cybersecurity program
  • Assist in defining monitoring measures to detect and ensure appropriate correction of security breaches and policy violations
  • Proactively keep current on information security issues related to business processes as input into departmental policies and procedures
  • Work on cybersecurity projects and activities as needed

Required Qualifications:

  • Strong analytical thinking, verbal and written communication skills
  • Excellent interpersonal skills and the ability to work effectively with others as a team
  • Ability to work independently and to manage and prioritize multiple tasks effectively
  • Solid understanding of IT security concepts with an emphasis on Security and Risk Assessment
  • Knowledge and experience with law and regulations surrounding the financial services sector
  • Advanced user of Microsoft Excel, Microsoft Word and Microsoft PowerPoint

Preferred Qualifications:

  • Bachelor's degree in Computer Science or Engineering (relevant concentration preferred) with 5+ years of experience; or a graduate degree (Master's) in MIS with 2+ years of experience
  • Information Security certifications (e.g., CISSP, CISA, CISM, SANS coursework)
  • Knowledge of information security frameworks and regulations including NY DFS, FFIEC and ISO 27001
  • Familiarity with information security frameworks and regulatory requirements such as NY DFS, FRB, FFIEC, NIST Cybersecurity Framework, SANS Critical Security Controls, OWASP Top 10 and others
  • SharePoint administration and document management
  • Experience in developing processes, implementing controls, and writing or working with information security policies