We’re looking for a Director of Information Security & Cyber Risk Management to join our team in Virginia Beach!
Scope of the position:
Responsible for planning, directing and coordinating the Company’s information security policies, setting procedures and guidelines to ensure that all information systems are functional, secure and safeguarded throughout the Company and follow privacy, information security laws and regulations applicable to financial institutions.
Primary Duties and Responsibilities:
Directs and approves the design of information security systems and performs annual information security risk assessment.
Maintains a current understanding of the IT threat landscape for the industry.
Ensures compliance with the changing laws and applicable regulations related to information security. Translates that knowledge to identification of risks and actionable plans to protect the business.
Constantly updates the cyber security strategy to leverage new technology and threat information.
Briefs the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget.
Communicates best practices and risks to all parts of the business.
Ensures the development and implementation of an ongoing employee information security awareness program.
Ensures that cyber security policies and procedures are communicated to all personnel and that compliance is enforced.
Prepares the annual information security report for presentation to the GRC Committee.
Directs development and execution of an enterprise-wide disaster recovery and business continuity plan. Conducts an annual Business Impact Analysis, Business Continuity Risk Assessment and plan testing.
Directs development and execution of an enterprise-wide Incident Response Plan. Develops and directs Response Team to react to security incidents.
Works in conjunction with Risk, Compliance, and Legal to support incident or breach investigations.
Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
Develops strategies to identify and mitigate identified risks.
Conducts monitoring of Information Technology controls (i.e. segregation of duties, Information Technology general controls, policies, procedures, standards, systems auditing, and vulnerability testing) in compliance with the FFIEC.
Coordinates and monitors timely Information Technology responses to internal and external auditors, regulatory examinations and review findings. Coordinates policy, procedural and/or process changes to prevent recurrence of findings.
Works with the appropriate business units and external third parties to schedule periodic audits and security risk assessments.
Oversees identity and access management.
Internal – Extensive contact throughout the company in handling security alerts and incidents.
External – Extensive contact with regulators, law enforcement, and vendors.
Supervision of Others – Yes, oversight of analyst level employees.
Report To – Governance, Risk, and Compliance (GRC) Committee with Administrative Reporting to the COO.
Education & Experience
Bachelor's degree plus a minimum of 10+ years relevant work experience in Information Security, Risk Management, Cyber Security, or a combination thereof within a financial institution.
Designation of Certified Information Systems Security Professional (CISSP) or Certified Information Systems Security Auditor (CISSA) required.
Must be willing to relocate to Virginia Beach, VA (Hampton Roads)
Knowledge & Skills
- Demonstrated ability to manage multiple tasks and deliverables
- Proficient in policy, procedure, and report preparation for presentation to executive teams and/or Board level Committees.