Make Next Happen Now. For more than 30 years, Silicon Valley Bank (SVB) has helped innovative companies and their investors move bold ideas forward, fast. SVB provides targeted financial services and expertise through its offices in innovation centers across the world. With commercial, international and private banking services, SVB helps address the unique needs of innovators.
Silicon Valley Bank (SVB) is looking for an Information Security Risk Manager who will be responsible for providing comprehensive security oversight and risk management to ensure tolerances are within Silicon Valley Bank's risk appetite. The individual will also assist in ensuring that the Security Program maintains suitable levels of compliance to applicable laws and regulations through adherence to Security Office policies. The Information Security Risk Manager will identify noncompliant and ineffective security processes and controls.
This position will partner with the second line of defense (Enterprise Risk Management, Operational Risk Management, Compliance, etc.) to ensure that all Security Office practices and services (e.g. Cybersecurity, Privacy, Physical Security, and Business Continuity) are in compliance with applicable laws and regulations domestically and internationally. Responsibilities include execution of a robust controls testing program and of a risk identification and remediation program for self-identified, internal and external issues, in keeping with corporate tools and methodologies.
As an Information Security Risk Manager you will assist with the following:
Evaluate the impact of new and changing legal and regulatory requirements to the Security Office, identify and remediate potential gaps within Security Office governance structure and communicate to affected policy owners.
Manage a common security control framework to map relevant laws and regulatory requirements to Policies, Standards, and controls.
Provide key insights and risk analysis for Executive Management to facilitate security-related decision making and justify needed improvements of the Security Program including its scope, policies, objectives, controls, processes, and procedures.
Work with the Enterprise Risk Management group to facilitate continuous improvement of Information Security in relation to SVB's evolving business risks and acceptable risk tolerances.
Ensure that controls are adequate to meet Security Policies; conduct assessments and audits based on laws and regulatory expectations (GLBA, FFIEC, PCI-DSS, SWIFT CSP, NIST, CIS Critical Security Controls, etc.). Design and implement accurate and thorough governance gap assessments against applicable laws, rules, regulations, and industry practices.
Measure the effectiveness of security controls as prescribed by SVB's Security Policy and Standards, regulatory compliance (e.g. FFIEC Cybersecurity Assessment Tool), the CIS Critical Security Controls, and ISACA's COBIT 5.
Lead the facilitation of risk assessments (Risk and Control Self-Assessments) as directed by Enterprise Risk Management.
Work with key stakeholders across all business unit functions to resolve risk issues as appropriate.
Ensure issues and corresponding action items are effectively remediated and evidenced.
B.A. or B.S. degree in Information Security, Computer Science or similar field, or equivalent work experience in IT audit, information security or a related field.
Must have 4 years of work experience in Information Security, Audit, Risk, and/or Compliance. Open to experience in other relevant fields (i.e., finance, business administration, information technology, etc.) as long as the candidate can demonstrate relevancy to this Information Security based role. Previous Big 4 experience a plus.
Direct experience with regulated systems (GLBA, SOX, FFIEC, PCI-DSS) in the financial industry a plus.
Strong verbal and written communication skills - experience in Audit/Compliance/Regulatory discussions.
CISSP, CISA, CRISC, CISM, GCCC, GIAC Certifications preferred.
Technical experience in IT and security tools.
Experience with GRC applications. LockPath Keylight skills are desirable.
Demonstrated capacity to learn, intellectual honesty and independent thinking.
Knowledge of Splunk Search Processing Language a big plus but not required.
The ideal candidate will have direct experience working in a first or second line risk role within a financial institution, or consulting experience advising financial institutions on the implementation of effective Risk Management programs.
Working knowledge of banking regulations within risk management and bank-capital related disciplines.
Strong expertise with MS Office including Word, Excel, PowerPoint, and Visio as well as Adobe. Expertise with Tableau and experience with GRC tools a plus.
Dedicated team player.
Demonstrated project management, analytical and problem solving skills.
Ability to collaborate, negotiate, influence and build consensus across the organization.
SVB Financial Group