Security Architecture & Engineering Manager

Miami, FL, United States

City National Bank of Florida

Florida's iconic community bank with a global reach, trusted and admired by our clients for our people-centric culture.

Overview

The Security Architecture & Engineering Manager is a key resource on the Cyber Security and Risk Management (CSRM) team. The Manager oversees and coordinates security efforts across the bank, including departments such as information technology, human resources, communications, legal, finance management and other groups, and identifies and establishes security initiatives and standards throughout the organization. The Security Architecture & Engineering Manager is responsible for planning, directing and coordinating the bank's information security policies, setting procedures and guidelines to ensure that all information systems are functional, secure and safeguarded throughout the bank and are in compliance with privacy, customer trust and information security laws and regulations applicable to financial institutions. The Manager is responsible for working with key individuals throughout the organization to develop business cases for new security projects and to assess the risk of existing and planned information systems.

Principal Duties & Responsibilities:

  • Managing the day-to-day operations of cybersecurity tools and processes such as static, dynamic, and manual application security testing, application and architecture reviews, data loss prevention (DLP), email security, cloud security posture management (CSPM), and SaaS security posture management (SSPM).

  • Responsible for leading, managing, and motivating a team of cybersecurity professionals to ensure the success of the Security Architecture & Engineering program.

  • Oversee the department's goals and objectives and ensure timelines and goals are met in a timely manner.

  • Drive and oversee the development of playbooks and standard operating procedures for incident response, security tools and processes.

  • Lead and deliver operational reporting and metrics, including KPIs and KRIs.

  • Conduct follow-up reporting, pro-active communications, and timely alerts related to remediation delivery.

  • Participate in development and implementation of the appropriate and effective controls to mitigate identified threats and risks.

  • Facilitate internal and external audits, examinations, risk assessments, and security reviews.

  • Ensure detected security issues, self-identified issues, and audit or regulator findings result in implemented solutions to reduce security risks.

  • Address the systemic root cause in risk mitigations, and not simply the “finding” itself.

  • Oversee incorporation of applicable regulatory guidelines and industry standards into the Bank’s policies, procedures, and operations.

  • Develop, document, and administer processes, procedures, and guidelines in support of the duties and responsibilities of the team to enhance the capability of the Security Architecture & Engineering program.

  • Work with the appropriate Bank personnel in communicating standards and procedures.

  • Document progress reports on information security projects, IT and security key risk indicators, quarterly business reviews, compliance posture, and other metrics to the appropriate Committees, and Board of Directors, as needed.

  • Drive strategy and projects that increase the overall growth and maturity of the Security Architecture & Engineering program.

  • Develop, execute, and maintain strategy and roadmap for the ongoing growth of the Security Architecture & Engineering program.

  • Maintain up-to-date knowledge of cybersecurity threats, including common attack methodologies, indicators of compromise, advanced persistent threat groups, current hacker activities, and adversarial tactics, techniques, and procedures.

Qualifications

  • 8-10 years of progressive experience in information security, information technology risk management, compliance, and/or related knowledge, preferably in banking or a highly regulated industry.
  • Proven experience in incident response management.

  • Ability to understand new laws and regulatory requirements and how they relate to security and compliance and present the overall risk to the Bank.

  • Experience with Information Security concepts related to Governance, Risk & Compliance.

  • Secure messaging and communication architectures

  • Strong knowledge of regulatory bodies, and the regulations and guidance issued by these bodies, overseeing banks, credit unions, and financial services organizations, such as the FDIC, FinCEN, Federal Reserve Board, and OCC.

  • Strong knowledge of privacy laws, such as GLBA and SOX.

  • Must be a persuasive leader who can serve as an effective member of the management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.

  • Must possess strong project management and leadership aptitude; demonstrated professionalism in managing multiple projects and resources effectively.

  • Should have experience with business impact analysis, business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.

  • Outstanding communications skills - must be proficient communicating across all levels of the organization as well as building successful relationships.

  • Ability to independently research and solve technical issues.

  • Experience with ethical hacking, application, web application and system security.

  • Ability to develop policies, technical configuration standards, and guidelines.

  • Proficient in requirement gathering, design documentation and preparing proof of concepts.

Education

  • Bachelor's Degree in Computer Science, or related discipline. 

Special Instructions to Candidates

  • Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
  • Please view Equal Employment Opportunity Posters provided by OFCCP here.
  • The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
  • Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com. 

Tags: Application security Audits Banking C Cloud Compliance Computer Science CSPM Ethical hacking Finance GLBA Governance Incident response KPIs Privacy Risk assessment Risk management SaaS SOX Strategy

Perks/benefits: Team events

Region: North America
Country: United States
