Information Security Specialist protecting critical information assets for People Corporation. Collaborating with stakeholders to manage cyber risks and ensure compliance with industry standards.
Responsibilities
Provide expertise to business leaders and technology teams by conducting security risk assessments, identifying potential threats and vulnerabilities, and recommending appropriate compensatory measures to allow risk to be managed to acceptable levels
Collaborate with information security members to develop and align information security policies and standards with evolving business needs and industry standards (e.g. ISO 27001, NIST CSF), and keep them current for all participating companies
Recommend security compliance and remediation initiatives for technology, processes, and services (a.) to ensure ongoing effectiveness of the information security program, (b.) to protect the business from security threats and (c.) to ensure compliance with regulatory, key business partner and client requirements
Maintain awareness of the security/privacy industry to keep abreast of best practices, trends, technologies, and regulatory requirements in information security
Ensure due care and competitive positioning on security solutions
Research best practices and define/recommend improvements to corporate security infrastructure in support of the security program
Develop and implement security strategy, plans, and budgets, ensuring alignment with business objectives and risk appetite for specific locations/companies
Complete business cases for security solutions with a keen focus on risk assessment practices
Develop and maintain an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, and data
Function as the main contact or adviser for local security as part of the Information Security leadership role and the IT business partners, as well as finance, HR, legal, and other staff as needed
Provide leadership, executive support, and strategic and tactical guidance for the cybersecurity program supporting enterprise security initiatives
Actively engage with partner firms to help a company achieve its objectives by representing the security program and, in the case of a security incident, serving as a main contact for communication
Participate in company-, region-, and unit-related meetings, conferences, and associated industry forums as part of the cybersecurity program
Act as main contact or adviser for company affiliates and partners in their pursuit of aligning to the cyber program and governance structures
Understand the processes, identify and evaluate controls and risks, and suggest controls and risk management strategies so that the company complies with Information Security Policies and Standards
Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units
Identify, document, and address threats and vulnerabilities that may impact the business
Requirements
At least 10+ years’ cybersecurity experience (or information technology infrastructure coupled with cybersecurity), with at least 5+ years in an operationally focused security practitioner role
Familiar with the cybersecurity acquisition due diligence process to assess the target firm’s status regarding regulatory compliance, security policies, and third-party risk
At least 3 years’ experience working with business leadership and enterprise projects
Familiarity with and hands-on experience in IT infrastructure and security technologies (e.g., Firewalls, IPS/IDS, WAF, VPN, SIEM, MXDR, EDR, CASB, SSO, MFA, DLP)
Experience in Cloud Security Operations for environments such as Azure, M365, GCP or AWS
Completion of post-secondary education in Information Technology, Business Administration, Computer Science, or a combination of equivalent disciplines
A current senior professional certification relevant to cybersecurity, or risk management, such as: CISSP, CISM, CRISC, CISA
Other beneficial industry certifications or training include GSEC, CCSP, CySA+ or ITIL
Knowledge of various security best practices, security principles, standards and frameworks (e.g. CIS, ISO 27001, NIST, OWASP)
Benefits
Learn by working alongside our experts
Extended health care and dental benefits
A retirement savings plan with company contributions
A suite of Health & Wellness offerings
Mental Health programs and support for you and your family
Assistance for the completion of industry designations