A financial services group holding the above licenses is seeking a highly skilled Information Security Officer (ISO). The ISO will be responsible for developing, implementing, and maintaining a robust information security program that aligns with regulatory requirements and industry best practices. This role requires a deep understanding of cybersecurity frameworks, risk management methodologies, and the compliance obligations associated with the MTF, CSD, and PFP licenses.
Key Responsibilities:
Strategic Security Leadership
- Develop and maintain the organization’s information security strategy, ensuring alignment with business objectives and regulatory requirements under the MTF, CSD, and PFP licenses.
- Champion a culture of security awareness and continuous improvement across all departments.
Governance, Risk, and Compliance (GRC)
- Establish and enforce information security policies, standards, and procedures that meet or exceed regulatory standards.
- Perform ongoing risk assessments and audits to identify vulnerabilities, ensuring controls are in place to mitigate threats.
- Oversee compliance with relevant laws, regulations, and guidelines associated with each license.
Security Program Management
- Implement and maintain a comprehensive security program covering incident response, disaster recovery, business continuity, and vendor risk management.
- Coordinate regular penetration testing, vulnerability scanning, and security assessments to identify and remediate gaps.
Incident Detection and Response
- Develop, implement, and test incident response plans to minimize impact in the event of a security breach.
- Lead investigations into potential security incidents and direct containment, eradication, and recovery processes.
Stakeholder & Regulatory Engagement
- Serve as the primary point of contact for internal and external security-related audits and regulatory examinations.
- Collaborate with cross-functional teams (IT, Legal, Risk, Compliance) to address regulatory inquiries and ensure timely reporting.
Training & Awareness
- Design and deliver information security training programs for employees at all levels.
- Promote best practices, compliance awareness, and a proactive security mindset throughout the organization.
Technology & Innovation
- Evaluate emerging technologies and security trends, recommending solutions to enhance data protection and resilience.
- Work closely with IT teams to ensure secure architecture design and system configurations.
Qualifications & Experience
- Education: Bachelor’s degree (or higher) in Computer Science, Information Security, or a related field.
- Professional Certifications (preferred): CISSP, CISM, CISA, CRISC, or equivalent.
- Experience:
  - 10+ years of progressive experience in information security and cybersecurity roles.
  - Proven track record designing and implementing security programs in highly regulated environments.
  - Experience managing audits, assessments, and compliance initiatives tied to financial services licenses.
- Technical Skills:
  - Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, COBIT) and data protection regulations.
  - Hands-on experience with SIEM, IDS/IPS, endpoint protection, and other security technologies.
- Soft Skills:
  - Excellent communication, leadership, and stakeholder management skills.
  - Ability to work collaboratively across diverse teams and explain complex security concepts in business terms.