Information Security Officer
Company: ePlus Inc
Location: Fair Lawn, NJ 07410
Description:
Job Duties % of Time
Leadership and Collaboration
As a trusted advisor and right hand to the SVP and CISO, provide strategic direction and support in information security, offering technical leadership and mentorship to the security team.
Collaborate with IT, DevOps, and application teams to integrate security practices, and act as a subject matter expert for threat detection and vulnerability management.
Represent the organization in cybersecurity audits, assessments, and compliance activities. 30%
Reporting
Work closely with other members of the Enterprise Technology Risk Management Team to develop metrics (KRI/KPI) reporting as it relates to Technology Risk Management adherence throughout the bank. 15%
Compliance and Continuous Improvement
Ensure compliance with relevant legal, regulatory, and industry standards related to information security.
Foster a culture of continuous improvement by staying up-to-date with the latest security trends, technologies, and best practices. 10%
Threat and Vulnerability Management
Develop and manage a comprehensive threat and vulnerability management program that identifies, assesses, and mitigates risks to our information systems. 10%
Security Engineering and Design
Lead the security engineering and design efforts to integrate security into the development lifecycle of our systems and applications. 10%
Data Security and Protection
Establish and enforce robust data security and protection policies and procedures to safeguard sensitive information. 10%
Cyber Security Risk Management and Governance
Implement a comprehensive cyber risk management framework that includes risk assessment, risk mitigation, and governance policies. 10%
Other Responsibilities
Performs other job-related duties as assigned. 5%
Requirements
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience) required.
A Master's degree or relevant advanced certifications (e.g., CISSP, CISM, OSCP, CEH, GIAC) are highly desirable.
Minimum of 10 years of experience in information security, with a proven track record of leadership and management in security roles.
Excellent leadership and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and senior executives.
Ability to think strategically and develop long-term plans for the organization's security posture.
Strong verbal and written communication skills, with the ability to present complex security information clearly and concisely.
Proven ability to analyze complex security issues and develop effective solutions.
Ability to adapt to changing security landscapes and emerging threats.
High ethical standards and a commitment to protecting the organization's information assets.
Deep understanding of and experience with implementing or maintaining the ISO 27001 cybersecurity framework.
Strong technical knowledge of security technologies, tools, and practices. Experience in threat and vulnerability management, incident response, data security, and security engineering.
Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, ISO27001 CSF, and OWASP.
Knowledge of cybersecurity risk assessment frameworks.
Strong analytical, problem-solving, and decision-making skills.
Excellent communication and leadership abilities.
Ability to manage multiple priorities in a dynamic environment.
Strong knowledge of risk management frameworks and methodologies.