Executive recruitment company Monroe Consulting is recruiting on behalf of a leading multinational securities company. The company provides investment products and services.
The position will be responsible for creating information security strategies, both short-term and long-range, and for communicating risks or recommendations to mitigate risks to the senior administration.
- Direct an ongoing, proactive risk assessment program for all new and existing systems and remain familiar with the Company's goals and business processes so that effective controls can be put in place for those areas presenting the greatest information security risk.
- Communicate risks and recommendations to mitigate risks to the senior administration in non-technical, cost/benefit terms and in a format relevant to senior administrators, so decisions can be made to ensure the security of information systems and information entrusted to the Company.
- Oversee all ongoing activities related to the development, implementation, and maintenance of the Company's information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within the Company system and assisting departments in local process and procedure development, ensuring they are not in conflict with Company policies.
- Assist other departments to ensure regulatory compliance in areas such as the Data Security Standards (DSS) and Personal Data Privacy (PDA).
- Ensure vulnerabilities are managed by directing periodic vulnerability scans of servers connected to Company networks.
- Develop information security awareness training and education programs, work with other Company entities to present them to staff and units, and participate in local, regional, and national awareness and education events, as appropriate.
- Ensure sufficient resources are available and allocated to projects by balancing project funding requirements with the assigned budgets, and coordinate and track project expenditures to ensure resources are used effectively and within budget.
- Act proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provide for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
- Evaluate security incidents, determine what response, if any, is needed, and coordinate Company responses, including technical incident response teams, when sensitive information is breached.
- Contribute to the overall success of the company by performing all other duties and responsibilities as assigned.
- Experience in cyber security.
- Applicable experience includes, but is not limited to, computer and networking infrastructure, operating systems, application software development, project management, regulatory compliance, risk management, and providing training.
- Strong IT skills and knowledge including hardware, software, and networks.
- Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems.
- A deep understanding of how hackers work and the ability to keep up with the fast pace of change in the criminal cyber-underworld.