Head Of Technology And Information Security Risk

Natixis S.A. New York , NY 10007

Posted 2 months ago

Head of Technology and Information Security Risk

Reference : NA00778

Publication date : 09/26/2018

Company : Natixis North America

Country : United States

Region : New York

Contract : Permanent


Company Description

Natixis is the international corporate and investment banking, asset management, insurance and financial services arm of Groupe BPCE, the 2nd-largest banking group in France with 31 million clients spread over two retail banking networks, Banque Populaire and Caisse d'Epargne.

With more than 21,000 employees, Natixis has a number of areas of expertise that are organized into four main business lines: Asset & Wealth Management, Corporate & Investment Banking, Insurance and Specialized Financial Services.

A global player, Natixis has its own client base of companies, financial institutions and institutional investors as well as the client base of individuals, professionals and small and medium-size businesses of Groupe BPCE's banking networks.

Listed on the Paris stock exchange, it has a solid financial base with a CET1 capital under Basel 3(1) of 11.9 billion, a Basel 3 CET1 Ratio (1) of 10.8 % and quality long-term ratings (Standard & Poor's: A / Moody's: A1 / Fitch Ratings: A).

(1) Based on CRR-CRD4 rules as reported on June 26, 2013, including the Danish compromise - without phase-in.

Figures as at June 30, 2018

Job Description

The Head of Technology and Information Security Risk, a Director-level role, will support a wide range of stakeholders including Risk Management teams, the IT & IT Security team, Legal, Compliance, HR, Project Managers and other business partners. The responsibilities include but are not limited to:

Risk Management: In this capacity, the Head of Technology and Information Security Risk will be the central IT Risk oversight, working in collaboration with the IT Management and Security team to manage their risks.

  • Establishing and managing the second line of defense for technology risk governance, policies and tools

  • Assessing the accuracy, completeness and adequacy of risks and controls supporting IT capacity, change management, oversight and governance through RCSA

  • Performing effective challenge of critical and high-risk business/IT processes, controls and IT compliance activities

  • Recommending enhancements to the technology processes and controls to improve effectiveness of technology risk management capabilities

  • Overseeing rollout of tools for surveillance and management of technology risk

  • Participating in technology incident/response escalation process

  • Strategically thinking about the next levels of maturity in Technology Risk management on all aspects of technology risk.

Information Security: In this capacity, the Head of Technology and Information Security Risk will provide oversight of the Information Security function and its processes, and participate as a cross-functional SME, keeping us at the forefront of information security best practices and shaping our strategy by collaborating with other stakeholders within the Americas platform.

  • Responsible for overseeing the information security risk assessment process and framework

  • Providing strategic risk guidance and consultation to internal business partners that enables them to make informed risk management decisions with respect to corporate projects and initiatives

  • Coordinating the development and implementation of plans and procedures for information security risk remediation

  • Managing information security awareness initiatives for the Americas platform

  • Establishing, maintaining and monitoring information security policies and procedures

  • Working directly with Legal, Compliance and Regulatory Affairs departments to identify and ensure compliance with all laws and regulations relating to information security (e.g., DFS 500, FFIEC)

  • Keeping current regarding trends, developments and best practices in the information security industry

  • Overseeing second line of defense controls for critical security policy requirements

Required Skills/Qualifications/Experience

  • Degree in Business, Computer Science, Information Security, or a related field

  • Minimum 7-10 years' experience in security/technology

  • Experience in Enterprise Risk management (ERM) assessing controls within a technology or financial services firm a plus

  • Experience leveraging IT risk frameworks such as COBIT, COSO, ISO27001 or NIST CSF

  • Previous experience in related areas such as Information Security, IT Risk & Control functions preferred

  • Experience in IT infrastructure, software development and change management

  • Risk advisory communication, metrics, collaboration driving risk-based results

  • Hands-on experience with GRC tools (Archer)

  • Experience leveraging information security frameworks such as NIST CSF, ISO 27001 and COBIT

  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner

  • Understanding of financial services and regulatory domains as well as understanding business needs and commitment to delivering high-quality, prompt, and efficient service to the business

  • Understanding of operational risk RCSA, process, controls, incidents

  • Deep understanding of information security risks through knowledge of IT processes and controls

  • An ability to identify and assess the potential impact of risks and communicate risk assessment findings to risk owners in a way that influences optimum risk mitigation

  • Ability to react to high-pressure, dynamic, changing environments

  • A passion for information security

  • Strong documentation and process-oriented background with experience working on complex Technology projects

  • Excellent communication skills

  • Interpersonal skills to work well in a global environment and ability to complement teams in multiple locations

  • Delivering out-of-the-box and creative solutions

  • CISM/CISSP certification
