Manager, Information Security Risk Manager

SVB Financial Group Tempe , AZ 85280

Posted 3 months ago

Make Next Happen Now. For more than 30 years, Silicon Valley Bank (SVB) has helped innovative companies and their investors move bold ideas forward, fast. SVB provides targeted financial services and expertise through its offices in innovation centers across the world. With commercial, international and private banking services, SVB helps address the unique needs of innovators.

Silicon Valley Bank (SVB) is looking for an Information Security Risk Manager who will be responsible for providing comprehensive security oversight and risk management to ensure tolerances are within Silicon Valley Bank's risk appetite. The individual will also assist in ensuring that the Security Program maintains suitable levels of compliance to applicable laws and regulations through adherence to Security Office policies. The Information Security Risk Manager will identify noncompliant and ineffective security processes and controls.

This position will partner with the second line of defense (Enterprise Risk Management, Operational Risk Management, Compliance, etc.) to ensure that all Security Office practices and services (e.g. Cybersecurity, Privacy, Physical Security, and Business Continuity) are in compliance with applicable laws and regulations domestically and internationally. Responsibilities include execution of a robust controls testing program; and risk identification and remediation program for self-identified, internal and external issues in keeping with corporate tools and methodologies.

As an Information Security Risk Manager you will assist with the following:

  • Evaluate the impact of new and changing legal and regulatory requirements to the Security Office, identify and remediate potential gaps within Security Office governance structure and communicate to affected policy owners.

  • Manage a common security control framework to map relevant laws and regulatory requirements to Polices, Standards, and controls.

  • Provide key insights and risk analysis for Executive Management to facilitate security-related decision making and justify needed improvements of the Security Program including its scope, policies, objectives, controls, processes, and procedures.

  • Work with the Enterprise Risk Management group to facilitate continuous improvement of Information Security in relation to SVB's evolving business risks and acceptable risk tolerances.

  • Ensure that controls are adequate to meet Security Policies; conduct assessments and audits based on laws and regulatory expectations (GLBA, FFIEC, PCI-DSS, SWIFT CSP, NIST, CIS Critical Security Controls, etc.). Design and implement accurate and thorough governance gaps assessments to applicable laws, rules, regulations, and industry practices.

  • Measure the effectiveness of security controls as prescribed by SVB's Security Policy and Standards, regulatory compliance (e.g. FFIEC Cybersecurity Assessment Tool), the CIS Critical Security Controls, and ISACA's COBIT 5.

  • Lead the facilitation of risk assessments (Risk and Control Self-Assessments) as directed by Enterprise Risk Management.

  • Work with key stakeholders across all business unit functions to resolve risk issues as appropriate.

  • Ensure issues and corresponding action items are effectively remediated and evidenced.

  • B.A. or B.S. degree in Information Security, Computer Science or similar field or equivalent work experience in IT audit information security or related field.

  • Must have 4 years of work experience in Information Security, Audit, Risk, and/or Compliance. Open to experience in other relevant fields (i.e., finance, business administration, information technology, etc.) as along as candidate can demonstrate relevancy to this Information Security based role. Previous Big 4 experience a plus.

  • Direct experience with regulated systems (GLBA, SOX, FFIEC, PCI-DSS) in the financial industry a plus.

  • Strong verbal and written communication skills - experience in Audit/Compliance/Regulatory discussions.

  • CISSP, CISA, CRISC, CISM, GCCC, GIAC Certifications preferred.

  • Technical experience in IT and security tools.

  • Experience with GRC applications. LockPath Keylight skills are desirable.

  • Demonstrated capacity to learn, intellectual honesty and independent thinking.

  • Knowledge of Splunk Search Processing Language a big plus but not required.

  • The ideal candidate will have direct experience working in a first or second line risk role within a financial institution, or consulting experience advising financial institutions on the implementation of effective Risk Management programs.

  • Working knowledge of banking regulations within risk management and bank-capital related disciplines.

  • Strong expertise with MS Office including Word, Excel, PowerPoint, and Visio as well as Adobe. Expertise with Tableau and experience with GRC tools a plus.

  • Dedicated team player.

  • Demonstrated project management, analytical and problem solving skills.

  • Ability to collaborate, negotiate, influence and build consensus across the organization

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
IT Manager Information Security

Pulte Group, Inc.

Posted 2 weeks ago

VIEW JOBS 2/8/2021 12:00:00 AM 2021-05-09T00:00 We know that BUILDING HOMES & COMMUNITIES BEGINS WITH BUILDING THE BEST TEAM! How would you like to be a part of team that has been providing the American Dream of homeownership to families for more than 60 years? PulteGroup is a FORTUNE 500 company and one of America's top residential builders. We put the consumer at the center of everything we do and we stand above the competition in our commitment to quality. Our Vision is to Build Consumer Inspired Homes & Communities to Make Lives Better and we believe that success starts with having the right people. At PulteGroup, we are committed to diversity and inclusion. We value the differences of each employee and understand that being consumer inspired means that we reflect the diversity of the consumers we serve. A position with PulteGroup offers a rich, fulfilling and rewarding career across multiple geographies and brands. If you are interested in being a part of our team, let's talk about your career with PulteGroup! Summary: PulteGroup, Inc. is looking to expand our team of talented Information Technology professionals. We have an excellent reputation as a great place to work with an open, collaborative culture. We are looking for an experienced Manager to join our Information Security team. We seek an individual with a proven track-record of leading technology teams and a passion for cybersecurity to deliver successful IT and business outcomes. You will be the Manager of our Information Security team, reporting to the CISO, and will collaborate with other business and IT leaders throughout the organization. We will help you to attain your career development goals with training, mentoring, and by giving you a chance to stretch and grow as a leader in Information Security. As the Manager of our Information Security team you will be responsible for planning, organizing, facilitating, and managing the Information Security program. You will lead an experienced team of Security Engineers & Analysts who protect the Company's computers, networks, and data against cyber threats both internal and external. This team is responsible for maintaining a secure environment for employees and customers by establishing and enforcing security policies and procedures, implementing security technology solutions, and helping our business partners assess and make decisions that involve cyber risk. The ideal candidate is a proven servant leader with a willingness to roll up their sleeves and get engaged, both strategically and tactically. We believe success starts with having the right people -- those who have the right attitude and aptitude. We seek out goal-oriented professionals who are creators, leaders, and pioneers. We value diversity in our workforce. By bringing together people with different backgrounds, thoughts, and life experiences, we create a competitive advantage. Responsibilities: * This position manages work across multiple information systems & projects. * Recruits, selects, coaches, & develops team leadership, engineering, & support staff within the Information Security team. Manages professional growth & develop plans. * Works with CISO to develop team goals in line with department objectives. * Conducts performance & development reviews per HR guidelines. Takes corrective actions, including Performance Improvement Plans & terminations, when necessary. * Leads incident response teams comprised of security, IT, and other business leaders in resolving enterprise security issues. * Translates & champions Information Security strategy to functional unit. * Achieves financial objectives by forecasting requirements, preparing an annual budget, scheduling expenditures, analyzing variances & initiating corrective action within functional unit. * Maintains organization's effectiveness & efficiency by supporting strategic plans for implementing & supporting information technologies. * Assists with defining enterprise IT security policies, standards, & procedures to ensure the protection of information assets. * Approves & tracks PTO/Vacation requests in accordance with HR policies. Management Responsibilities: * Ensures appropriate staffing to meet department needs * Utilizes recruiting and selection tools/processes to build organizational talent * Delegates work according to employee's abilities and skills * Evaluates employee's performance and plans for compensation actions in accordance with that performance * Provides developmental opportunities through identification of internal and external training opportunities * Creates opportunities for employee growth * Provides continuous coaching with regard to functional and leadership standards (technical skills and behaviors) Scope: * Decision Impact: Corporate * Department Responsibility: Single * Budgetary Responsibility: Yes * Direct Reports: Yes * Indirect Reports: Yes * Physical Requirements: N/A Required Education: * Minimum Bachelor's Degree in Computer Information Systems or equivalent experience. * CISM, CISSP or equivalent preferred but not required. If you do not have this certification, you will be expected to obtain this certification within the first year in the position. Required Experience: * Minimum of 5 years of progressive technical experience. * Minimum of 3 years of progressive leadership experience. * Broad knowledge of software development lifecycle & project management methodologies. * Broad understanding of business practices & operations. * Thorough understanding of cybersecurity policies, controls, standards, and procedures. * Familiarity with cybersecurity frameworks such as ISO and NIST. * These minimum requirements may also include additional criteria specific to the position. Pulte Group, Inc. Tempe AZ

Manager, Information Security Risk Manager

SVB Financial Group