Head of Technology and Information Security Risk
Reference : NA00778
Publication date : 09/26/2018
Company : Natixis North America
Country : United States
Region : New York
Contract : Permanent
Natixis is the international corporate and investment banking, asset management, insurance and financial services arm of Groupe BPCE, the 2nd-largest banking group in France with 31 million clients spread over two retail banking networks, Banque Populaire and Caisse d'Epargne.
With more than 21,000 employees, Natixis has a number of areas of expertise that are organized into four main business lines: Asset & Wealth Management, Corporate & Investment Banking, Insurance and Specialized Financial Services.
A global player, Natixis has its own client base of companies, financial institutions and institutional investors as well as the client base of individuals, professionals and small and medium-size businesses of Groupe BPCE's banking networks.
Listed on the Paris stock exchange, it has a solid financial base with a CET1 capital under Basel 3 (1) of 11.9 billion, a Basel 3 CET1 Ratio (1) of 10.8% and quality long-term ratings (Standard & Poor's: A / Moody's: A1 / Fitch Ratings: A).
(1) Based on CRR-CRD4 rules as reported on June 26, 2013, including the Danish compromise - without phase-in.
Figures as at June 30, 2018
The Head of Technology and Information Security Risk, a Director-level role, will support a wide range of stakeholders including Risk Management teams, the IT & IT Security team, Legal, Compliance, HR, Project Managers and other business partners; the responsibilities include but are not limited to:
Risk Management: In this capacity, the Head of Technology and Information Security Risk will provide central IT Risk oversight, working in collaboration with IT Management and the Security team to manage their risks.
Establishing and managing the second line of defense for technology risk governance, policies and tools
Assessing the accuracy, completeness and adequacy of risks and controls supporting IT capacity, change management, oversight and governance through RCSA
Performing effective challenge of critical and high-risk business/IT processes, controls and IT compliance activities
Recommending enhancements to the technology processes and controls to improve effectiveness of technology risk management capabilities
Overseeing rollout of tools for surveillance and management of technology risk
Participating in technology incident/response escalation process
Strategically thinking about the next levels of maturity in Technology Risk management on all aspects of technology risk.
Information Security: In this capacity, the Head of Technology and Information Security Risk will provide oversight of the Information Security function and its processes, and participate as a cross-functional SME, leading us at the forefront of information security best practices and shaping our strategy by collaborating with other stakeholders within the Americas platform.
Responsible for overseeing the information security risk assessment process and framework
Providing strategic risk guidance and consultation to internal business partners that enables them to make informed risk management decisions with respect to corporate projects and initiatives
Coordinating the development and implementation of plans and procedures for information security risk remediation
Managing information security awareness initiatives for the Americas platform
Establishing, maintaining and monitoring information security policies and procedures
Working directly with Legal, Compliance and Regulatory Affairs departments to identify and ensure compliance with all laws and regulations relating to information security (e.g., DFS 500, FFIEC)
Keeping current regarding trends, developments and best practices in the information security industry
Overseeing second line of defense controls for critical security policy requirements
Degree in Business, Computer Science, Information Security, or a related field
Minimum 7-10 years' experience in security/technology
Experience in Enterprise Risk Management (ERM) assessing controls within a technology or financial services firm a plus
Experience leveraging IT risk frameworks such as COBIT, COSO, ISO27001 or NIST CSF
Previous experience in related areas such as Information Security and IT Risk & Control functions preferred
Experience in IT infrastructure, software development and change management
Risk advisory communication, metrics, collaboration driving risk-based results
Hands-on experience with GRC tools (Archer)
Experience leveraging information security frameworks such as NIST CSF, ISO 27001 and COBIT
An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner.
Understanding of financial services and regulatory domains as well as understanding business needs and commitment to delivering high-quality, prompt, and efficient service to the business
Understanding of operational risk RCSA, process, controls, incidents
Deep understanding of information security risks through knowledge of IT processes and controls
An ability to identify and assess the potential impact of risks and communicate risk assessment findings to risk owners in a way that influences optimum risk mitigation
Ability to react to high-pressure, dynamically changing environments
A passion for information security
Strong documentation and process-oriented background with experience working on complex Technology projects
Excellent communication skills
Interpersonal skills to work well in a global environment and ability to complement teams in multiple locations
Delivering out-of-the-box and creative solutions