Director of GRC
New York City, US
Full Time Executive-level / Director USD 142K - 165K
Amalgamated Bank
Welcome to America’s socially responsible bank: supporting forward-thinking organizations, companies and people and working to make the world more just, compassionate and sustainable.
Amalgamated Bank is seeking a Director of GRC to plan, design, and implement a holistic information security program with a focus on emerging threats, regulatory requirements, and industry best practices. The manager will be responsible for building the security culture of the bank, will report to the Chief Information Security Officer (CISO), and will assist in implementing the information security program across all areas of information security: Governance, Risk, and Compliance.
By joining our team, you’ll be joining a Bank that believes that maintaining a diverse and inclusive workplace where everyone feels valued and respected is essential for us to grow as a company. We are dedicated to building a more equitable world in our everyday practices by embracing the values of our employees and customers.
Essential Job Functions:
- Assist the CISO in designing and managing the information security program.
- Define and implement clear Second Line of Defense (2LoD) roles and functions.
- Act as liaison between Auditors, Regulators, Information Security, and Management by coordinating requests for information and responses to any observations.
- Build and design an information security awareness and training program for organization personnel, and mentor information security personnel
- Manage information security personnel
- Plan and draft department budget and track costs associated with the program
- Track bank defined KPIs and KRIs
- Prepare and coordinate regulatory activities including, but not limited to, NYSDFS 500 and the Sarbanes-Oxley Act (SOX)
- Provide Information Security consultation to relevant departments and communicate information security goals and new programs effectively with other department managers within the organization.
- Develop, implement and monitor a strategic, comprehensive enterprise information security risk management program including Risk and Control Self-Assessment (RCSA)
- Promote secure design of systems and infrastructure in line with industry standards and best practices including application of secure coding practices across the engineering organization, conducting security reviews of new features, leveraging industry tooling to automate and improve the security review.
- Develop, document, track, and implement information security policies, controls, and procedures.
- Work with vendors to perform security audits ensuring they meet industry standards.
Knowledge, Skills and Experience Requirements:
- Bachelor’s degree or equivalent experience
- Minimum seven (7) to ten (10) years in Audit and Compliance Management roles
- Knowledge of security frameworks: ISO 27001, NIST, etc.
- Knowledge of banking laws and regulations
- Experience with policy design, authoring and implementation
- Excellent verbal/written communication and interpersonal skills
- Strong analytical ability; confident and experienced in working with senior leadership as well as support and engineering management and staff
- Certifications such as CISSP, CGEIT, CISA, CRISC, CISM desirable
Our job titles may span more than one career level. The starting base salary for this role is between $142,000.00 – $165,000.00. The actual base pay is dependent upon many factors, such as: training, transferrable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future.
Amalgamated Bank is an Equal Opportunity and Affirmative Action Employer, Minorities / Females / Individuals with Disability / Veterans. AmeriCorps, Peace Corps and other national service alumni are encouraged to apply. View our Pay Transparency Statement. Submission of a resume or any information regarding your qualifications does not constitute a promise or offer of employment. At Amalgamated Bank, we consider an applicant to be someone who has interviewed at least once, in person, with the hiring manager. Amalgamated Bank does not sponsor applicants for work visas.
As part of our commitment to health and safety, all team members currently working in our office space are required to show proof of vaccination. To be considered for any position at Amalgamated Bank where permitted by applicable law (including any applicable reasonable accommodation, medical or religious exemption), candidates must have received the COVID-19 vaccine prior to their start date. Upon commencement of employment, new team members must provide proof that they have been fully vaccinated against COVID-19.
Tags: Audits Banking CISA CISM CISO CISSP Compliance CRISC Governance ISO 27001 KPIs NIST Risk management SOX
Perks/benefits: Career development Team events