Natixis Corporate & Investment Banking
Information Security Officer - Deputy CISO
Natixis Corporate & Investment Banking, New York, New York, United States, 10001
This role reports to the Chief Information Security Officer (CISO) for CIB Americas, who ensures that the bank adheres to global policies, procedures, standards, and directives as well as all U.S. regulatory requirements and is responsible for oversight of IT Security generally within the Americas region. This role includes responsibility for ensuring the confidentiality, integrity, and availability of information assets by identifying and assessing risks, identifying threats and vulnerabilities, and overseeing the implementation of appropriate controls to adequately mitigate risks.
- Assist in managing the Second Line of Defense Cybersecurity and Information Security frameworks
- Perform assessments of the completeness and adequacy of the risks and controls supporting Information and Cybersecurity on the Americas Platform
- Perform effective 2nd Line of Defense challenge of IT processes, controls and other activities that define the full scope of Information and Cybersecurity risks
- Recommend enhancements to the business processes and controls that contribute to the overall effectiveness of the 2nd Line of Defense Cybersecurity Program
- Perform the various risk assessment activities that are fundamental to an effective program, including overseeing penetration tests, maturity assessments and other risk and control assessments
Key Responsibilities:
- Ensure compliance with legal and regulatory requirements relating to cybersecurity, and in particular the firm's continued adherence to NYDFS 23 NYCRR Part 500, including the annual written CISO report to the Board and the annual attestation of compliance
- Assist in operationalizing the Monitoring and Threat Assessment Framework through monitoring of vulnerability indicators, heat maps, key risk and control indicators and other measures of control effectiveness
- Perform oversight controls of the 1st Line of Defense to ensure the continual effectiveness of IT risk management controls and compliance with Natixis Information Security Policies and Standards
- Provide monthly reporting and program updates to Senior Management and the Americas Technology Risk Management Committee
- Monitor applications, systems and networks to ensure compliance with security policies, practices and procedures
- Lead information security awareness training and educational activities, including conducting phishing campaigns and senior management awareness training
- Support the Data Risk and Privacy programs through the introduction of industry best practices and the alignment of information security controls and activities with local, state, federal and international privacy regulations
- Assist in managing the Information Security residual risk exposure resulting from activities associated with the platform's third-party vendor and affiliate populations
- Participate in, and provide subject matter expertise for, cyber incident response and recovery activities
Requirements:
- B.S./M.S. degree in Computer Science, Information Security, or a related technical field
- 10+ years of experience in information security and/or IT security in a banking environment
- Good understanding of information security risk through knowledge of IT processes and controls
- Experience performing IT risk assessments is preferred
- Strong experience in the creation and maintenance of policies and procedures
- Effective communication and interpersonal skills to collaborate with teams in multiple geographical locations and diverse cultural environments
- Experience leveraging IT risk frameworks such as ISO 27001, NIST CSF, COBIT and COSO
- Hands-on experience with GRC tools (e.g. Archer)
- CISM/CISSP/CRISC certification (preferred)
Natixis is an equal opportunity employer, committed to a workplace free of discrimination. Natixis will not tolerate any form of discrimination based on age, color, mental or physical handicap or disability, pregnancy, marital status, sexual orientation, national origin, alienage, ancestry or citizenship status, race, religion, sex (including sex stereotyping, gender identity, gender expression or transgender status), veteran status, creed, genetic information or carrier status, or any other protected characteristic as established by law.
Respect for all means that we deal with each person as an individual and not as a member of any group. All qualified applicants will receive consideration for employment. Management is expected to provide leadership in supporting the firm's EEO program by taking steps to promote EEO in all facets of employment, including recruitment, hiring, retention, promotion, performance assessment, and career-development opportunities.
The salary range for this position will be between $175,000 and $225,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skill set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.