A foreign banking organization is seeking a cyber security consultant with both strong technical and compliance experience. The position will be accountable for developing and enhancing the branch's Cybersecurity / Information Security program including policies, procedures, standards and manuals. By implementing enhanced Cybersecurity / Information Security Program, the position will be responsible for following state and federal regulations by risk assessments, data classification and others.
Accountable for assisting to develop and write enhanced Cybersecurity / Information Security Program including policies, procedures and others to be in compliance with regulatory rules and laws.
Accountable for assisting to implement robust risk assessment process for the branch's Cybersecurity / Information Security Program including but not limited to Third party risk assessment, reporting and mitigation, project security risk assessments.
Assisting to response to audits, examinations and tests for the branch's Cybersecurity / Information Security program including mitigation plan.
Work with vendors and service providers for penetration test and vulnerability scan and response to the results to mitigation network risks.
Assisting to develop and provide education and training program on information security / cybersecurity for employees.
Assisting to develop and implement an Incident Reporting and Response System to address branch security and incidents.
Assisting to answer staff questions about security, respond to security incidents in a way that helps staff understand their role in security, and preparing materials for ongoing security knowledge transfer to staff
Undertake any other relevant duties assigned by the Department Head from time to time
Knowledge & Experience Requirements:
Bachelor's degree or equivalent; Advanced degree or IT background is preferred.
Consulting project experiences with financial institutions
Typically requires 3+ years relevant experience.
Strong knowledge of FFIEC Guidelines, NY Client Cybersecurity regulations, ISO 27001