Mizuho Bank Ltd
Information Security Officer
Mizuho Bank Ltd, New York, New York, us, 10261
Join the Mizuho team as an Information Security Officer!
This position reports directly to the Head of the Information Security Office, contributes to, and supports the firm's overall Information Security. The position interfaces with various levels of IT and business personnel, monitoring critical security functions, evaluating key IT processes from a perspective of information security, and advises on best practices and approaches. The ISO is an advanced role supporting the entire cybersecurity program. This individual provides executive support, strategic and tactical guidance, and complete execution for a world-class cybersecurity program, primarily supporting regional enterprise security initiatives.
As directed by the CISO, the ISO helps drive strategy while providing oversight and reporting on the execution of enterprise security systems, applications and operations. As a business enabler, the ISO ensures business decisions are not obstructed by cybersecurity but instead are made using sound security principles and supporting corporate security policies and plans. The ISO will work with an adaptable and secure business-supporting cybersecurity team, in addition to influencing and executing with technical teams, which includes but is not limited to patch management, security operations, security engineering and software development.
Essential Job Duties
Prepare status reports and dashboards on various cybersecurity matters (BAU activity, projects, KRIs, strategy, etc.) for Sr. Management, Committees and Board of DirectorsWork closely with security leadership overseeing security operations, incident response, security architecture and infrastructure security programs providing strategy & guidance on best practices and oversightManage all security awareness trainings, newsletters, and phishing campaigns as required for all employees using solution provider and custom-developed tools, providing education and measuring outcomes indicating employee behavioral changePromote a strong security culture set forth by the ISO, ensuring uniformity across security leadership, business units and employeesStay abreast of information security and information technology issues, threats, vulnerabilities and regulatory changes affecting the organization, and perform independent research as needed. Provide consultation and guidance to IT teams as and when needed to address issuesEnsure security governance is uniformly applied and remain informed on projects progress; create quality reports illustrating program status, areas for improvement and successWork with, monitor and provide guidance, evaluation and advocacy on information security related audits including scope of audits, issue finding, and disposition of issues to put the institution in its best lightWork closely with various business functions (e.g., banking, equities, operational risk, compliance, legal, HR and audit teams) to provide security best practice expertise. Stay abreast of new laws, regulations and standards, and assess their impacts to the businessDrive efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls, security programs across the enterprisePerform other duties as assignedSkills and Experience
Demonstrates highly effective communications skills with the ability to influence business unitsOverall knowledge of information security controls, tools and techniques, including: data leakage prevention, incident response, vulnerability scanning and reporting, security operations, identity management and Cloud securityAbility to independently work, be counted upon, manage priorities, and remain flexible in a changing environment while meeting project timelinesExcellent interpersonal skills along with strong written and verbal communication skills across all levels of the organizationProven high level of integrity, trustworthiness and confidence, as well as ability to represent the company and security leadership with the highest level of professionalismStrong project management and organizational skillsApplicable knowledge with the cybersecurity requirements and best practices recommended by various regulators such as the Federal Reserve Bank (FRB), New York Department of Financial Services (NYDFS) regulations and frameworks, and familiarity with the U.S. Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), Office of the Comptroller of the Currency (OCC), California Consumer Privacy Act (CCPA) and others;Intimate familiarity with National Institute of Technology (NIST) standards, International Standards Organization (ISO) standards, etc. and aligning those with enterprise solutions & processesDemonstrated understanding and comprehension of a wide range of cybersecurity solutions and best practicesEducation and Experience Requirements
Bachelor's degree and/or Masters degree in computer science, MIS, information assurance or related technical field. Related experience acceptable in lieu of related degree.7+ years' cybersecurity experience with at least 3+ years in an operationally focused security practitioner roleEngage in personal and professional development projects to maintain continual growth in professional skills and knowledge essential for regulatory requirementsSolid knowledge of several information security and technology frameworks including: FFIEC, ISO, NISTFinancial Services/Banking experience is strongly preferredCISSP, CRISC, CISA, CISM, CEH or CCSP certifications a plus
The expected base salary ranges from $101k-$185k. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, successful candidates are eligible to receive a discretionary bonus.
#LI-Hybrid
Other requirements
Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations.
Company Overview
Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho's 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill, Mizuho provides M&A, restructuring and private capital advisory capabilities across Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com.
Mizuho Americas offers a competitive total rewards package.
We are an EEO/AA Employer - M/F/Disability/Veteran.
We participate in the E-Verify program.
We maintain a drug-free workplace and perform pre-employment substance abuse testing.
#LI-MIZUHO
This position reports directly to the Head of the Information Security Office, contributes to, and supports the firm's overall Information Security. The position interfaces with various levels of IT and business personnel, monitoring critical security functions, evaluating key IT processes from a perspective of information security, and advises on best practices and approaches. The ISO is an advanced role supporting the entire cybersecurity program. This individual provides executive support, strategic and tactical guidance, and complete execution for a world-class cybersecurity program, primarily supporting regional enterprise security initiatives.
As directed by the CISO, the ISO helps drive strategy while providing oversight and reporting on the execution of enterprise security systems, applications and operations. As a business enabler, the ISO ensures business decisions are not obstructed by cybersecurity but instead are made using sound security principles and supporting corporate security policies and plans. The ISO will work with an adaptable and secure business-supporting cybersecurity team, in addition to influencing and executing with technical teams, which includes but is not limited to patch management, security operations, security engineering and software development.
Essential Job Duties
Prepare status reports and dashboards on various cybersecurity matters (BAU activity, projects, KRIs, strategy, etc.) for Sr. Management, Committees and Board of DirectorsWork closely with security leadership overseeing security operations, incident response, security architecture and infrastructure security programs providing strategy & guidance on best practices and oversightManage all security awareness trainings, newsletters, and phishing campaigns as required for all employees using solution provider and custom-developed tools, providing education and measuring outcomes indicating employee behavioral changePromote a strong security culture set forth by the ISO, ensuring uniformity across security leadership, business units and employeesStay abreast of information security and information technology issues, threats, vulnerabilities and regulatory changes affecting the organization, and perform independent research as needed. Provide consultation and guidance to IT teams as and when needed to address issuesEnsure security governance is uniformly applied and remain informed on projects progress; create quality reports illustrating program status, areas for improvement and successWork with, monitor and provide guidance, evaluation and advocacy on information security related audits including scope of audits, issue finding, and disposition of issues to put the institution in its best lightWork closely with various business functions (e.g., banking, equities, operational risk, compliance, legal, HR and audit teams) to provide security best practice expertise. Stay abreast of new laws, regulations and standards, and assess their impacts to the businessDrive efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls, security programs across the enterprisePerform other duties as assignedSkills and Experience
Demonstrates highly effective communications skills with the ability to influence business unitsOverall knowledge of information security controls, tools and techniques, including: data leakage prevention, incident response, vulnerability scanning and reporting, security operations, identity management and Cloud securityAbility to independently work, be counted upon, manage priorities, and remain flexible in a changing environment while meeting project timelinesExcellent interpersonal skills along with strong written and verbal communication skills across all levels of the organizationProven high level of integrity, trustworthiness and confidence, as well as ability to represent the company and security leadership with the highest level of professionalismStrong project management and organizational skillsApplicable knowledge with the cybersecurity requirements and best practices recommended by various regulators such as the Federal Reserve Bank (FRB), New York Department of Financial Services (NYDFS) regulations and frameworks, and familiarity with the U.S. Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), Office of the Comptroller of the Currency (OCC), California Consumer Privacy Act (CCPA) and others;Intimate familiarity with National Institute of Technology (NIST) standards, International Standards Organization (ISO) standards, etc. and aligning those with enterprise solutions & processesDemonstrated understanding and comprehension of a wide range of cybersecurity solutions and best practicesEducation and Experience Requirements
Bachelor's degree and/or Masters degree in computer science, MIS, information assurance or related technical field. Related experience acceptable in lieu of related degree.7+ years' cybersecurity experience with at least 3+ years in an operationally focused security practitioner roleEngage in personal and professional development projects to maintain continual growth in professional skills and knowledge essential for regulatory requirementsSolid knowledge of several information security and technology frameworks including: FFIEC, ISO, NISTFinancial Services/Banking experience is strongly preferredCISSP, CRISC, CISA, CISM, CEH or CCSP certifications a plus
The expected base salary ranges from $101k-$185k. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, successful candidates are eligible to receive a discretionary bonus.
#LI-Hybrid
Other requirements
Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations.
Company Overview
Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho's 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill, Mizuho provides M&A, restructuring and private capital advisory capabilities across Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com.
Mizuho Americas offers a competitive total rewards package.
We are an EEO/AA Employer - M/F/Disability/Veteran.
We participate in the E-Verify program.
We maintain a drug-free workplace and perform pre-employment substance abuse testing.
#LI-MIZUHO