Saturday, March 12, 2016

Director Information Security AIG New York City

Job Description:
Advisor Group has an exciting opportunity for a Director of Information Security, reporting to the VP of Applications, in one of the following locations: New York City, Oakdale MN, Phoenix, AZ or Atlanta, GA. In this role you will have the opportunity to build and lead the function, establishing information security objectives and processes specific to the independent broker/dealer business, and leading assessments to test sufficiency and readiness. This includes liaising with the technology and business teams, advising, advocating, and facilitating to identify and reduce information security risk.
The successful candidate will demonstrate strong knowledge of and experience with the general information security controls employed to protect organizations and computer applications.

Performance objectives in this position are as follows:
• Proactively and collaboratively work with business units/departments to develop and implement procedures that meet defined policies and standards for information security management.

• Perform application vulnerability assessments to identify and prioritize security exposures in applications used by the business; follow up with IT staff to remediate findings
• Identify, evaluate and report on information security risks in a manner that meets the company’s legal, regulatory and contractual requirements.

• Ensure the information security management program is in compliance with applicable laws, regulations, contractual requirements, and policies (e.g., the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, the Internal Revenue Service Tax Information Security Guidelines and cybersecurity guidelines outlined by FINRA and the SEC) to minimize or eliminate risk and address audit findings.
• Perform security risk assessments on potential vendors and business partners (including cloud service providers) to evaluate infrastructure controls
• Deploy and administer security software solutions as needed (such as encryption key management, application vulnerability scanners, etc.)
• Develop business-relevant metrics to measure the efficiency and effectiveness of the company’s information security management program, forecast appropriate resource allocation and increase the maturity of the program.
• Coordinate and support security audits and assessments to evaluate policy compliance and existing defenses and to identify vulnerabilities.
• Perform computer forensic work
• Advise management on industry developments in business practice, technology, security issues and legislation that impact the company’s security policy
• Review firewall changes for security risks
• Oversee incident response planning and management of security incidents and events to protect client IT assets (e.g. information, critical infrastructure, intellectual property, and reputation), such duties to include overseeing the investigation of security breaches and assisting with disciplinary and legal matters associated with such breaches, as necessary.
• Manage projects and help implement initiatives surrounding data security and privacy
• Develop, document and implement information security procedures to enforce information security standards

• Provide subject matter expertise to executive management on a broad range of information security standards and best practices (e.g. the ISO/IEC 27000 series, the NIST Computer Security Division Special Publications and Federal Information Processing Standards, the Payment Card Industry Data Security Standard) and offer strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.

• Work with the VP of Applications to coordinate and manage public relations activities as they relate to the information security program and incident response.

• Coordinate the use of external resources involved in the information security management program, including, but not limited to, interviewing, assisting in negotiating contracts and fees and managing external resources.
• Perform other security-related duties as requested

Position Requirements:


• 10 years’ experience in an information technology role, five of which are in information security or risk management. Experience specific to Financial Services and broker-dealers (including FINRA and SEC exams) is a big plus.

• Professional certification such as CISSP, CISA or CISM is preferred

• Strong familiarity with security issues surrounding web application security and experience in testing such applications for vulnerabilities

• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals

• Experience assessing third parties for infrastructure security controls and general security practices
• Experience developing and implementing security policies and/or standards
• Familiarity with security issues surrounding network computing and experience in implementation of security systems and controls
• Excellent working knowledge of Microsoft and/or POSIX operating systems and related applications (such as IIS, SunOne, Oracle)
• Strong understanding of multiple networking protocols (TCP/IP, NetBIOS etc.) and networking concepts
• Strong understanding of OS and network security
• Formal training or commensurate work experience in application security tools (scanners, Web Application Firewalls [WAFs], etc.)
• Formal training or commensurate work experience in security administration for at least three technical areas (e.g. LAN/WAN, Microsoft, UNIX, Firewall, TCP/IP, Applications).
• Experience with deploying and securing Internet applications

• Bachelor’s degree in information technology, business administration or a related field, or
• Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate
• Strong analytical skills
• Computer forensic skills desirable
• Excellent written and verbal communication skills are a must
• Ability to deal diplomatically and effectively with all levels of technological expertise, including technical staff and senior management
• Ability to balance project work with day-to-day administrative tasks and troubleshooting in a highly dynamic business environment

Pass it on for a referral bonus. Not the right role for you, but know someone we should meet? Share this posting with them to earn a $1,000 referral bonus.