Information Security Officer - Deputy CISO
Apply NowCompany: Groupe BPCE
Location: New York, NY 10025
Description:
Poste et missions
We are seeking a seasoned Cybersecurity Risk Management Specialist to join our dynamic team. This role is pivotal in ensuring that our bank adheres to global policies, procedures, and regulatory requirements, particularly within the U.S. The successful candidate will work closely with the Chief Information Security Officer (CISO) to maintain the integrity, confidentiality, and availability of our information assets. You will play a key role in identifying and assessing risks, threats, and vulnerabilities, while overseeing the implementation of effective controls to mitigate these risks.
Key Responsibilities:
At Natixis, we are committed to fostering a diverse and inclusive workplace where innovation thrives. You will have the opportunity to work with a talented team dedicated to protecting our organization and clients from cyber threats. If you are passionate about cybersecurity and meet the qualifications above, we encourage you to apply!
The salary range for this position will be between $175,000 - $225,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.
Profil et comptences requises
Bachelor's or Master's degree in Computer Science, Information Security, or a related technical field.
A minimum of 10 years of experience in information security and/or IT security within the banking sector.
Strong understanding of information security risk, IT processes, and control frameworks.
Experience in conducting IT risk assessments is highly preferred.
Proven track record in developing and maintaining security policies and procedures.
Excellent communication and interpersonal skills to effectively collaborate with teams across diverse geographical and cultural environments.
Familiarity with IT risk frameworks such as ISO 27001, NIST Cybersecurity Framework (CSF), COBIT, and COSO.
Hands-on experience with Governance, Risk, and Compliance (GRC) tools (e.g., Archer) is a plus.
Relevant certifications such as CISM, CISSP, or CRISC are preferred.
We are seeking a seasoned Cybersecurity Risk Management Specialist to join our dynamic team. This role is pivotal in ensuring that our bank adheres to global policies, procedures, and regulatory requirements, particularly within the U.S. The successful candidate will work closely with the Chief Information Security Officer (CISO) to maintain the integrity, confidentiality, and availability of our information assets. You will play a key role in identifying and assessing risks, threats, and vulnerabilities, while overseeing the implementation of effective controls to mitigate these risks.
Key Responsibilities:
- Second Line of Defense Management: Assist in managing the Second Line of Defense Cybersecurity and Information Security frameworks, ensuring robust oversight and challenge of IT processes and controls.
- Risk Assessment: Conduct thorough assessments of the adequacy and completeness of risks and controls related to Information and Cybersecurity within the Americas Platform, including overseeing penetration tests and maturity assessments.
- Enhancement Recommendations: Proactively recommend enhancements to business processes and controls to bolster the overall effectiveness of the Second Line of Defense Cybersecurity Program.
- Compliance Oversight: Ensure compliance with all legal and regulatory requirements related to cybersecurity, with a specific focus on adherence to DFS NYCRR 23 Part 500, including the preparation of the annual CISO report to the Board.
- Monitoring and Threat Assessment: Operationalize the Monitoring and Threat Assessment Framework, utilizing vulnerability indicators, heat maps, and key risk indicators to gauge risk effectiveness.
- First Line of Defense Oversight: Perform oversight controls of the first line of defense to ensure continuous effectiveness of IT risk management controls, in alignment with Natixis Information Security Policies and Standards.
- Reporting and Updates: Provide monthly reporting and program updates to senior management and the Americas Technology Risk Management Committee.
- Security Monitoring: Monitor applications, systems, and networks to ensure compliance with security policies and procedures.
- Training and Awareness: Lead information security awareness training initiatives, including conducting phishing simulations and senior management training sessions.
- Data Risk and Privacy Support: Collaborate with Data Risk and Privacy programs to implement industry best practices and align information security controls with local, state, federal, and international privacy regulations.
- Vendor Risk Management: Assist in managing the information security residual risk exposure related to third-party vendors and affiliates.
- Incident Response: Participate in Cyber incident response and recovery efforts, providing subject matter expertise as needed.
At Natixis, we are committed to fostering a diverse and inclusive workplace where innovation thrives. You will have the opportunity to work with a talented team dedicated to protecting our organization and clients from cyber threats. If you are passionate about cybersecurity and meet the qualifications above, we encourage you to apply!
The salary range for this position will be between $175,000 - $225,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.
Profil et comptences requises
Bachelor's or Master's degree in Computer Science, Information Security, or a related technical field.
A minimum of 10 years of experience in information security and/or IT security within the banking sector.
Strong understanding of information security risk, IT processes, and control frameworks.
Experience in conducting IT risk assessments is highly preferred.
Proven track record in developing and maintaining security policies and procedures.
Excellent communication and interpersonal skills to effectively collaborate with teams across diverse geographical and cultural environments.
Familiarity with IT risk frameworks such as ISO 27001, NIST Cybersecurity Framework (CSF), COBIT, and COSO.
Hands-on experience with Governance, Risk, and Compliance (GRC) tools (e.g., Archer) is a plus.
Relevant certifications such as CISM, CISSP, or CRISC are preferred.