Cyber Security GRC Specialist - DFS 500 - Security Jersey City
NYSDFS 500 Cybersecurity Regulation Leadership
- Act as the lead for all DFS500-related matters to ensure the bank maintains and enhances its level of compliance with DFS500
- Perform all required activities to ensure that the program is effective
- Actively maintain the DFS500 methodology and program, including a charter, scope statement, program requirements, periodic review of required controls, annual attestation (including periodic sub-certifications), securing acceptance of deliverables, and other evidential documentation as needed
- Contribute to DFS500 exams as requested by the NYSDFS regulators
- Collect and automate (whenever possible) DFS500 metrics to demonstrate risk reduction for the bank and to produce reports for multiple audiences such as management (CISO), auditors, technical staff, etc.
- Act as a subject matter expert and advisor with regard to DFS500 requirements for all stakeholders

FFIEC CAT Leadership
- Act as the lead to develop and maintain an effective FFIEC CAT framework for the bank
- Ensure that the FFIEC CAT requirements are mapped to our other core regulations such as DFS500
- Manage and maintain the FFIEC CAT framework to ensure the applications in scope are validated and the controls are in place and working as they should
- Develop reports and metrics for multiple audiences

Security GRC Framework Contribution
- Contribute to the design and deployment of the security GRC framework
- Coordinate with all team members in the CISO's organization to contribute to a security GRC framework and provide a "one-stop shop" for core security activities and controls
- Contribute to security policies, standards, procedures, and guidelines
- Contribute to the security GRC component of the bank's GRC portal (Archer) to ensure it is aligned with our security GRC framework
- Contribute to the security GRC framework to:
  - Ensure controls are in place and working as they should
  - Ensure policies, standards, procedures, and guidelines are updated to reflect changes in the business and IT environment
  - Ensure client, regulatory, and internal requirements are being met consistently and cost-effectively
  - Automate and streamline all processes related to managing the bank's security GRC framework
  - Provide multi-level reporting to all stakeholders in the company: executives, clients, business leads, IT leads, audit and regulatory representatives
- Build partnerships across the organization in all disciplines (audit, legal, information technology, business operations, sales and marketing, corporate communications, risk management, etc.) to ensure the security GRC program is aligned with business objectives and requirements

Documentation, Reporting & Analytics
- Contribute to the reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to the Director of Security GRC

Profile Required

Knowledge & Experience Required
- 4-6 years' demonstrable experience in leading DFS500 and security GRC, security project management, security policy management, and other security practices
- Proficient with MS Office, project management software, and at least one GRC tool (highly recommended)
- Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) strongly recommended
- Strong analytical skills, problem-solving skills, and project/program management skills required
- Extensive training in computer disciplines such as application and data security, systems programming, systems design, computer technology, or software disciplines
- Hands-on experience with performing GRC program functions
- Excellent communication skills

Education & Certifications
- Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required
- Certified training in security management, risk and compliance solutions and practices
- CISSP, CISA, CISM, GSEC, CRISC, or related certification(s) required

Business Insight
The Cyber Security GRC Manager will lead DFS500-related initiatives and contribute to the Security GRC framework. The position is hands-on and requires strong project management skills and tactical execution. The position requires in-depth knowledge of the regulations (e.g., FFIEC, FDIC, SEC, DFS500) and best security practices (e.g., NIST, ISO) applicable to the financial industry. It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security GRC practices and processes, including the use of GRC tools such as Archer and reporting tools such as Tableau.
The ideal candidate is proactive and an experienced and proven project manager. Furthermore, the ideal candidate will be a strong collaborator with the Director of Security GRC, all the security team members, and across the organization (regionally in the Americas and globally with our HQ in Paris).
We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.
Job code: 20000154
Business unit: SG AMERICAS OPERATIONAL SECURITIES
Starting date: 02/03/2020
Date of publication: 15/01/2020