IT Business Information Security Lead

Tristate Capital Holdings, Inc. Pittsburgh, PA 15201

Posted 2 weeks ago

Department: Information Technology

Location: Pittsburgh, PA

Job Summary:

The Business Information Security Leader (BISL) liaises with our business units and serves as the primary point of contact between Information Security and our business units. The BISL assists in enabling business strategies, while balancing the security risk and ensuring security is aligned with business strategies. Interacts with all levels of leadership in the firm to accelerate solutions through better communication and alignment. The key to success is the ability to influence senior business leaders about the need to embrace security initiatives.

Essential Duties and Responsibilities:

  • Articulates the security perspective to the business and helps them understand the potential impact and possible controls in business terms.

  • Communicates business knowledge and requirements to the Information Security organization thus ensuring security is aligned with business strategy and need.

  • Counsels business units in understanding regulatory information security compliance requirements and helps ensure compliance.

  • Represents the business unit in development of policies and standards.

  • Acts as the primary point of contact for all IT internal audits, participates in scoping and deliverable requests, and collaborates with senior leadership to clear audit reports and ensure action plans are complete and effective.

  • Ensures IT owners are held accountable for their controls and understand responsibilities as to risk mitigation and remediation as well as compliance to security policy and standards to reduce liabilities.

  • Understands and reports on the overall information security risk posture of the business unit, and provides an enterprise view of vulnerabilities and associated risks to both the business and information security.

  • Focuses on process improvement to manage risk, proactively prevent problems and identify opportunities for efficiencies and automation.

  • Investigates security incidents for the business and works with Information Security teams to recommend/implement appropriate corrective actions.

  • Understands, tests and implements security plans, products, strategies and control techniques.

  • May lead or participate in security related projects and strategy.

  • Performs other duties and responsibilities as assigned.

Qualifications

Education/Previous Experience:

  • Typically requires a Bachelor's degree; 3-5 years of relevant experience. May have one or more technical or business-related certifications.

  • Minimum of a Bachelor's degree in Computer Science, MIS or related degree and three (3) years of relevant experience in auditing or risk assessing or combination of education, training and experience.

Highly preferred:

  • Bachelor's degree in Computer Science, MIS or related degree and seven (7) years of relevant experience in Information Security, risk management and audit or an equivalent combination of education, training and experience.

  • Financial services experience highly preferred.

  • Knowledge/Experience in the following:

  • Information Security programs including, but not limited to, audit reviews, risk assessment, awareness and training, identity and access management, data protections, secure SDLC, incident management, vulnerability assessment, penetration testing, third-party assessment, secure configurations and patch management.

  • Advanced knowledge of infrastructure and logical security technology with experience working with ITIL, ISO 17799 and/or COBIT processes and procedures.

  • Translating business drivers and priorities into security design.

  • Knowledge of government and other regulations related to Information Security (e.g., GLBA, SOXA 404, FFIEC, PCI, Privacy, HIPAA, etc.).

  • Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).

Licenses/Certifications:

  • Security and control certifications highly preferred (CISSP, CISM, CISA, CRISC).

TriState Capital Bank provides equal employment opportunity and advancement in employment to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.

TriState Capital Bank is an Equal Opportunity Employer.

