Head of Information Security - Americas

Totowa, NJ

Posted: 10/26/2018 | Industry: IT Perm | Job Number: 11520345

Main Duties and Responsibilities of Role:
Reporting to the WB CIO - Americas, this position will play a leadership role in the oversight of the Information Security team and its processes. Participates as a cross-functional subject matter expert with other IT groups as well as Information Risk Management, SOX Key Controls and Corporate Audit.


1. Acting on behalf of the CIO, lead representative and facilitator with internal auditors, external auditors, Key Control testers and regulators.
2. Defines, designs and implements cybersecurity defense capabilities
3. IT Risk Profile Custodian
a. Creates/Tracks/Manages Key Risk Indicators
b. Creates/Tracks/Manages Risk Acceptances (RAs), Management Initiated Actions (MIAs), Audit Findings (Issues)
c. Ensures that SOX Controls are adhered to and works closely with the Key Control Testers to ensure a 'passing' outcome is achieved
d. Understands and manages the impact to the IT Non-Financial Risk Dashboard (NFRD)
e. Reports regularly to senior management on status/profile of Risk Profile
4. ITIL Configuration Management Database (Asset Inventory)
a. Maintains an accurate up to date hardware/software asset inventory
b. Creates/Tracks/Manages Asset Life Cycle Management
5. ITIL Change Management
a. Manages/directs the change management process
b. Maintains a rolling 3-4 month change calendar outlook window
c. Properly prioritizes changes so that senior management is involved in the approval process of High Impact / High Visibility changes
d. Properly schedules changes to minimize impact to business, risk of failure and weekend work.
6. User Access Management
a. Onboarding
b. Terminations
c. Transfers
d. Access Management
e. Segregation of Duty Rule Management
f. Periodic Reviews of Privilege
g. Dormancy Controls
7. Security Monitoring (Technical State and Event)
a. Security Assessments (Cybercrime, APT, and other threat vectors)
b. Application Control Assessments (ASRs, IT Risk Assessment Model, Threat Vulnerability and Control Assessments)
c. Operational Security Guideline (OSG) Assessments/Identification
d. Technical State Monitoring (Monitoring of OSGs)
e. Security Event Monitoring Assessments (Identification of key events to be monitored)
f. Event Monitoring Oversight
8. Penetration Testing & Result remediation
a. Scoping of periodic penetration tests
b. Coordination of periodic penetration tests
c. Coordination of periodic DDOC and other Red Team/Blue Team tests
d. Management and oversight of remediation plans
9. Disaster Recovery
a. Test scheduling and test scope
b. Test results management and reporting against objective/scope
c. Disaster Recovery Exercise Capability assessments


Qualifications / Education:
Required: Bachelor's or Master's Degree in Information Technology or related field
- Client Certification Series 99
- IT Security Certification CISA, CISM, CRISC

Experience / Knowledge:
10 years of concentrated experience in the areas of Information Security, IT Risk & Control
Past experience managing small teams, remote workers and off site service providers
Agile methods of management, work process and behavior

Leadership: instills trust, sets targets, delegates responsibility effectively
Communication: knows the audience and effectively adapts/adjusts communication
Adaptability: is able to adjust to changing circumstances
Develops others: cultivates talents, complements team with varied