USAmeriBancorp

Cyber Risk Management Specialist

USAmeriBancorp, New York, NY


Job Description

Responsibilities include, but are not limited to:
  • Controls Assessments and Testing (35%) Apply an independent, second-line cyber risk assessment methodology to prioritize the bank's cyber risks and conduct the risk assessments considering emerging cyber threats. Lead the introduction of continuous monitoring and proactive controls testing to better ensure control effectiveness.
  • Issue and Exception Reporting and Tracking (20%) Review and evaluate risk acceptance and issues along with risk treatment decisions made by the business and CISO organization. Review and provide effective challenge of mitigation strategies for key risks. Track and report on progress made on remediation efforts by responsible parties. Escalate concerns to senior management when remediation efforts are insufficient.
  • Effective Challenge (15%) Review and provide effective challenge on the adequacy and direction of the CISO organization's Active Defense Cyber Strategy, including the prioritization of activities and allocation of the Information Security budget. Perform effective challenge on cyber strategy, policies/procedures, threat management program, incident response program, risk monitoring and reporting, and other first line cyber security functions.
  • Risk Management (10%) Define and mature second-line criteria, tool sets and methodologies for identification and analysis of key risks across the broad attack surface including third-party vendors and share results with the CISO organization. Provide credible challenge of first line unit's criteria, tools, and methodologies for adequacy.
  • Emerging Risks (10%) Establish an effective network of data sources and independently monitor and stay abreast of external and emerging cyber threats. Contribute to the identification of key risks that may adversely impact the Bank now or in the future and track the development in sophistication of the underlying technology and techniques as well as options for preparing and protecting the Bank from adverse impacts, and applicable laws and regulatory requirements and share information with appropriate stakeholders.
  • Information Sharing and Analysis (10%) Participate in information sharing to understand industry trends and emerging threats (e.g., US-CERT, FS-ISAC). Share information with Valley Bank stakeholders as part of the Cyber Risk Working Group.


Requirements

Required Skills:
  • Strong knowledge of information technology systems and controls.
  • Sound analytical, problem solving and research skills.
  • Strong organizational skills.
  • Ability to effectively respond to shifting priorities and assignments. Ability to meet deadlines and expectations with little supervision.
  • Familiar with risk management standards and principles.
  • Excellent verbal and written communication and presentation skills.
  • Knowledge and experience working with Governance, Risk and Compliance groups and systems.
  • Knowledge of cyber security frameworks, such as NIST, ISO, CIS, and COBIT.
  • Ability to collaborate and negotiate with management and associates to achieve positive results.
  • Proficient PC skills in the Microsoft Office suite (Word, Excel, and PowerPoint), as well as GRC software.
  • Optional - Knowledge of various functions of a commercial bank (including retail banking, lending, wealth management, investments, operations, etc.).


Required Experience:
  • Bachelor's degree in a business, risk, or engineering discipline with a minimum of 2 years of experience in Risk Management, IT, Operations, Audit, or other relevant functions.
  • Experience working with regulatory compliance issues.
  • Experience with information security, cyber security, regulatory compliance, testing, and controls.
  • Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Security System Security Professional (CISSP), or in the process of completing and/or willing to complete within 1-2 years, required.
  • Master's degree in a business, risk, or engineering discipline-related field with relevant course work preferred.
  • Banking background preferred.
  • Active/current certification(s) as indicated above also preferred.