Location: New York, NY, USA
**Chief Information Security Officer**
* Develop a security framework for BHFSUS, ensuring compliance with money transmission and money service business regulatory requirements in each state and at the federal level.
* Ensure security readiness for each US state through analysis of requirements and implementation of security controls to meet requirements and best practice.
* Localize security policy and processes to ensure adherence to requirements and also corporate standards.
* Lead the implementation of security policies and operationalize them for BHFSUS.
* Monitor compliance on an ongoing basis, execute risk assessments and address risks and issues in a timely manner.
* Report on emerging new threats and provide solutions and education accordingly
* Enforce strong security adherence across the BHFSUS organization, develop and deliver training and security awareness programmes. Communicate the value of cybersecurity throughout all levels of the organization's stakeholders.
* Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
* Work at local level and across the Brands to enhance and implement security standards.
* Respond to incidents, establish appropriate standards and controls. Report to Exec Team, ensuring awareness of current and emerging threats.
* Specify and oversee the implementation of IT security measures.
* Organize penetration testing.
* Execute external and internal IT vulnerability assessments and own the delivery of remediation.
* Be the go-to expert for BHFSUS on all matters relating to IT security.
* Provide regular reports to CPTO and Exec Team of BHFS. Advise senior management on risk levels and security posture.
* Advise senior management on cost-benefit analysis of information security programs, policies, processes, systems and elements.
* Provide expert support on business and IT projects to ensure all comply with security policy and best practice.
* Own and run IT security audits and the implementation of the security programme for BHFSUS
* Collaborate with the Legal, Data Protection and Compliance teams through changing compliance landscapes.
* Stay abreast of cyber security issues and regulatory changes affecting BHFSUS and own the delivery of any related changes.
* Establish quarterly, annual and long term information security goals, articulate strategies, define and implement metrics, create reporting mechanisms and provide updates to relevant stakeholders including Audit Committee.
* Bachelor's degree or equivalent program in Computer Science, Business Information Systems, Information Security or Information Technology
* Relevant Professional certification essential: CISSP, CISA, CISM or CRISC
* Minimum 8 years in a Senior Information Security or similar role.
* Experience in setting up and managing information security in a regulated financial entity.
* Experience working in a fast-paced, technology-centric and/or online business
* Excellent knowledge and experience of ISO27001, ISO27002 and NIST
* Knowledge of national and international laws, regulations, policies and ethics as they relate to cybersecurity.
* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
* Experience in managing PCI-DSS certifications
* Candidates must be willing to travel as required, including international travel.
* Experience in working in regulated financial entities and specifically in the payments business is essential.
* In-depth understanding of payments and payments products.
* Experience in working in large international organizations is an advantage.
* Results oriented. Proven ability to prioritize projects and initiatives and align to corporate and product goals.
* Ability to drive the cybersecurity roadmaps, while still rolling up your sleeves and getting involved in the hands-on, day-to-day activities
* Experience working in an online environment and experience with programs such as ISO, SOX, GDPR, CCPA and other related compliance frameworks
* Demonstrated ability to build successful cybersecurity programs
* Expert understanding of cybersecurity concepts, principles and practices.
* Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
* An ability to effectively influence others to modify their opinions, plans, or behavior
* An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
* Able to deal with ambiguity and work independently as well as part of a cohesive team
* An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
* Excellent presentation skills, especially with senior executive audiences
* Excellent conceptual problem-solving skills with demonstrated ability to bring structure to vaguely defined problems, pragmatically scope problems and manage execution
* Organizational and political agility; developed negotiation and influence skills
* Unquestionable personal code of ethics, integrity, diversity and trust
* Able to successfully navigate within varying degrees of ambiguity in a fast-paced environment
* Experience of formal risk assessment methodologies.
* In-depth understanding of networks, databases and business applications as they relate to security. Excellent understanding of computer networking concepts and protocols, and network security methodologies.
* Excellent interpersonal skills and ability to influence and negotiate with senior stakeholders.
* Succinct communicator: ability to break down complex issues and communicate at all levels in the organization.
* Ability to work in a cross-functional matrix environment
* Excellent understanding of vulnerability management and associated tools and solutions.
* Keeps up to date on all matters pertaining to IT security.
* Resilient: ability to work under high pressure, meet challenging timelines and remain calm under pressure or in times of emergency or crisis.
* A true team player: ability to develop and maintain productive relationships across organizations to ensure that security and compliance initiatives are achieved.
* Knowledge of leading practice incident management processes.
* Solution driven with demonstrated ability to meet deadlines and deliver results.
* Strong knowledge of PSD2 and GDPR