
Information Security Manager-HITRUST, HIPAA & PCI Assessor

JP Morgan Chase & Co

Location: Tampa, Florida
Type: Non-Remote
Posted on: September 20, 2021
This job is no longer available from the source.
Description:
This includes a threat-driven approach to enable secure-from-the-start adoption of emerging technology and application development. The Information Security Manager will be expected to drive effective risk and controls management and support the business through identification of control weaknesses and recommendations for improved security; articulation of the business impact and associated risk; and education of the business on proactive measures to remediate.
This role requires a variety of strengths and capabilities, including:
• Assess audit readiness of the assigned LOB with various internal/external audit and regulatory programs aligned with security of Protected Health Information (PHI)
• Perform continuous information risk assessments to ensure that information systems are adequately protected and meet HITRUST, HIPAA, PCI-DSS and the U.S. state specific privacy requirements
• Responsible for implementing, managing, and enforcing information security directives as required by the firm
• Experience in multiple domains covering Confidentiality, Integrity, Availability, Security and Privacy of PHI data
• Demonstrated experience in leading a number of security assessments, interpreting results and recommending those weaknesses that require remediation, and understanding how to verify that vulnerabilities have been closed after remediation
• Ability to research and draft information security policies and procedures, and recommend new information security technologies for implementation
• Collaborate with Software Engineering teams to enable secure design, development and implementation towards proactive risk reduction
• Partner with Technology and Business teams to effectively model threats and mitigate risk across your coverage area
• Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
• Experience in CI/CD pipelines, DevOps practices and observability implementations for large platforms
• Experience in cloud services (e.g., IaaS, PaaS, SaaS, etc.) offered by various providers (e.g., AWS, Microsoft Azure, Google etc.)
• Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. HIPAA, NIST, ISO, PCI, SOC)
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
Qualifications:
• Bachelor's degree or the equivalent combination of education and 8+ years of total relevant work experience
• Excellent knowledge and experience in working with HITRUST, HIPAA and PCI regulations
• Proven experience with application & infrastructure security for applications running in public cloud environments
• Experience with Technology, Information Security and Cyber risk management and corresponding application within the financial services industry
• Proven ability to identify, analyze and communicate clearly an organization’s data and technology risks
• Good understanding of the overall operational processes and technology challenges within the financial services industry
• Industry certifications such as CCSFP, CISA, CRISC, CISM or CISSP preferred
• Individual with a programming background is preferred
• Cloud architecture certification is a plus
• Strong written and verbal communication skills
Requisition Type: Professional
Job Schedule: Full time