Summary

The Head of Vulnerability Management and Security Operations reports to the Chief Information Security Officer and is responsible for managing senior and junior IT Security engineers in security monitoring, remediating all security-related alerts & reports, and overseeing all IT Security engineering security projects.

Other responsibilities include researching security solutions and investigating reported security related issues as well as overseeing the review and assessment of the corporate IT hosts, network, & infrastructure applications in CA-CIB NY enforcing the security policy and to comply with the various regulatory and audit requirements. The Head of Vulnerability Management and Security Operations also provides security consultation on all projects and serves as a senior security advisor on various committees.

Key Responsibilities

·         The Head of Vulnerability Management and Security Operations will be responsible for developing and executing a comprehensive security strategy to identify, assess, and mitigate any potential vulnerabilities in our systems
·         Develop and implement a comprehensive threat and vulnerability management strategy across CACIB Americas
·         Lead and management the Security Operations team, including acting as the lead for all information security incidents
·         Ensure all areas of CACIB Americas remain in full compliance with regulatory requirements such as, NYDFS, and FFIEC guidelines.
·         Oversee and govern the operation of security tools and systems, including SIEM, firewalls, endpoint protection, and various information security controls
·         Manage internet/internal application and network vulnerability scans assessments and remediation.
·         Run a daily Threat Intelligence Briefing
·         Manage Application/Network Penetration tests
·         Manage Firewall change management process and conduct Firewall auditing.
·         Manage Web access management process.
·         Evolve the Security function by continuous assessment of our risks, threats & vulnerabilities.
·         Manage & guide senior and junior IT Security engineers in security control activities.
·         Support Continuous Monitoring Framework by effectively reporting the Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) on a periodic basis and incorporating into the information security dashboard via the control plan.
·         Maintain and update all local policies, procedures and standards.

Key Responsibilities Continued:

·         Assess existing and new infrastructure and business application planning or implementation and design in accordance to IT Security policies and standards.

·         Awareness and development of controls and detection solutions to address malware, cybersecurity and advance persistent attacks.

·         Research and design security solutions in accordance to IT Security policies and standards to meet business requirements and to enhance Bank’s security posture.

Management and Reporting

·         Reports to the Chief Information Security Officer (CISO)

·         Manage IT Security Engineering Team

Key Internal contacts

All GIT/SIT/ISS groups in Americas & Paris

Key External contacts

·         Varies per projects/incidents/audits (e.g. Foundstone, CyberArk, Ernst & Young, etc.)

Salary Range: $210k - $250k