Raymond James Financial Incorporated
IT Business Information Security Lead
Raymond James Financial Incorporated, Pittsburgh, Pennsylvania, us, 15289
This position will follow our hybrid work model, we expect the selected candidate to be in office 2-3 days a week at one of the following office locations: Pittsburgh, PA.
Job Summary:
The Business Information Security Leader (BISL) liaises with our business units and serves as the primary point of contact between Information Security and our business units. The BISL assists in enabling business strategies, while balancing the security risk and ensuring security is aligned with business strategies. Interacts with all levels of leadership in the firm to accelerate solutions through better communication and alignment. The key to success is the ability to influence senior business leaders about the need to embrace security initiatives.
Essential Duties and Responsibilities:
• Articulates the security perspective to the business and helps them understand the potential impact and possible controls in business terms.
• Communicates business knowledge and requirements to the Information Security organization thus ensuring security is aligned with business strategy and need.
• Counsels business units in understanding regulatory information security compliance requirements and helps ensure compliance.
• Represents the business unit in development of policies and standards.
• Act as primary point of contact for all IT internal audits, participates in scoping, deliverable requests and collaborates with senior leadership to clear audit reports and ensure action plans are complete and effective.
• Ensures IT owners are held accountable for their controls and understand responsibilities as to risk mitigation and remediation as well as compliance to security policy and standards to reduce liabilities.
• Understands and reports on the overall information security risk posture of the business unit, and provides an enterprise view of vulnerabilities and associated risks to both the business and information security.
• Focuses on process improvement to manage risk, proactively prevent problems and identify opportunities for efficiencies and automation.
• Investigates security incidents for the business and works with Information Security teams to recommend/implement appropriate corrective actions.
• Understands, tests and implements security plans, products, strategies and control techniques.
• May lead or participate in security related projects and strategy.
• Performs other duties and responsibilities as assigned.
Qualifications:
Education/Previous Experience:
• TYPICALLY requires a Bachelor's degree; 3-5 years of relevant experience. May have one or more technical or business-related certifications.• Minimum of a Bachelor's degree in Computer Science, MIS or related degree and three (3) years of relevant experience in auditing or risk assessing or combination of education, training and experience.
Highly preferred:
• Bachelor's degree in Computer Science, MIS or related degree and seven (7) years of relevant experience in Information Security, risk management and audit or an equivalent combination of education, training and experience.
• Financial services experience highly preferred.
• Knowledge/Experience in the following:
- Information Security programs including, but not limited to, audit reviews, risk assessment, awareness and training, identity and access management, data protections, secure SDLC, incident management, vulnerability assessment, penetration testing, third-party assessment, secure configurations and patch management.
- Advanced knowledge of infrastructure and logical security technology with experience working with ITIL, ISO 17799 and/ or CoBit processes and procedures.
- Translating business drivers and priorities into security design.
- Knowledge of government and other regulations related to Information Security (e.g., GLBA, SOXA 404, FFIEC, PCI, Privacy, HIPAA, etc.).
- Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).
Licenses/Certifications:
• Security and control certifications highly preferred (CISSP, CISM, CISA, CRISC).
Raymond James Guiding Behaviors
At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.
We expect our associates at all levels to:
• Grow professionally and inspire others to do the same
• Work with and through others to achieve desired outcome
• Make prompt, pragmatic choices and act with the client in mind
• Take ownership and hold themselves and others accountable for delivering results that matter
• Contribute to the continuous evolution of the firm
Job Summary:
The Business Information Security Leader (BISL) liaises with our business units and serves as the primary point of contact between Information Security and our business units. The BISL assists in enabling business strategies, while balancing the security risk and ensuring security is aligned with business strategies. Interacts with all levels of leadership in the firm to accelerate solutions through better communication and alignment. The key to success is the ability to influence senior business leaders about the need to embrace security initiatives.
Essential Duties and Responsibilities:
• Articulates the security perspective to the business and helps them understand the potential impact and possible controls in business terms.
• Communicates business knowledge and requirements to the Information Security organization thus ensuring security is aligned with business strategy and need.
• Counsels business units in understanding regulatory information security compliance requirements and helps ensure compliance.
• Represents the business unit in development of policies and standards.
• Act as primary point of contact for all IT internal audits, participates in scoping, deliverable requests and collaborates with senior leadership to clear audit reports and ensure action plans are complete and effective.
• Ensures IT owners are held accountable for their controls and understand responsibilities as to risk mitigation and remediation as well as compliance to security policy and standards to reduce liabilities.
• Understands and reports on the overall information security risk posture of the business unit, and provides an enterprise view of vulnerabilities and associated risks to both the business and information security.
• Focuses on process improvement to manage risk, proactively prevent problems and identify opportunities for efficiencies and automation.
• Investigates security incidents for the business and works with Information Security teams to recommend/implement appropriate corrective actions.
• Understands, tests and implements security plans, products, strategies and control techniques.
• May lead or participate in security related projects and strategy.
• Performs other duties and responsibilities as assigned.
Qualifications:
Education/Previous Experience:
• TYPICALLY requires a Bachelor's degree; 3-5 years of relevant experience. May have one or more technical or business-related certifications.• Minimum of a Bachelor's degree in Computer Science, MIS or related degree and three (3) years of relevant experience in auditing or risk assessing or combination of education, training and experience.
Highly preferred:
• Bachelor's degree in Computer Science, MIS or related degree and seven (7) years of relevant experience in Information Security, risk management and audit or an equivalent combination of education, training and experience.
• Financial services experience highly preferred.
• Knowledge/Experience in the following:
- Information Security programs including, but not limited to, audit reviews, risk assessment, awareness and training, identity and access management, data protections, secure SDLC, incident management, vulnerability assessment, penetration testing, third-party assessment, secure configurations and patch management.
- Advanced knowledge of infrastructure and logical security technology with experience working with ITIL, ISO 17799 and/ or CoBit processes and procedures.
- Translating business drivers and priorities into security design.
- Knowledge of government and other regulations related to Information Security (e.g., GLBA, SOXA 404, FFIEC, PCI, Privacy, HIPAA, etc.).
- Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).
Licenses/Certifications:
• Security and control certifications highly preferred (CISSP, CISM, CISA, CRISC).
Raymond James Guiding Behaviors
At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.
We expect our associates at all levels to:
• Grow professionally and inspire others to do the same
• Work with and through others to achieve desired outcome
• Make prompt, pragmatic choices and act with the client in mind
• Take ownership and hold themselves and others accountable for delivering results that matter
• Contribute to the continuous evolution of the firm