
Senior Information Security Compliance Specialist

Description

The Senior Information Security Compliance Specialist provides insight and direction on the Information Security Governance, Risk and Compliance Program and improves the methods and approaches used to implement security policies, procedures and controls that comply with regulatory standards and mitigate risk for the organization.

Duties and responsibilities include:

Governance and Compliance


  • Support the development and design of the information security program, policies, procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices, and coordinate with all teams to align deliverables across all divisions, ensuring appropriate implementation and minimizing business disruption.

  • Develop and Design the Customer and Employee Information Security Awareness Program Campaigns.

  • Work directly with business units to identify critical data and ensure appropriate data classification and protection standards are implemented.

  • Coordinate IT General Controls (ITGC) and compliance testing activities and communications with the internal and external auditors and assessors.

  • Educate and advise members of executive, business and IT on information security best practices and provide recommendations and guidance on implementation or enhancements of IT controls.

  • Provide recommendations on applicable security controls to strengthen technology solutions, with support and follow-up to ensure appropriate and adequate controls are maintained and adhere to FFIEC Guidelines, SOX and Privacy regulatory requirements.

  • Provide support to the organization's Business Continuity and Disaster Recovery program to ensure appropriate security controls are in place in alignment with regulatory standards.

  • Continually maintain current knowledge of industry best practices and regulatory environment.

  • Monitor compliance with Information Security Program, Policies and Procedures.

  • Serve as the comprehensive information security compliance subject matter expert for a wide range of inquiries.

  • Ensure compliance with FFIEC, GLBA, SOX and other industry specific regulations.


Risk Management


  • Perform the annual Information Security and GLBA Risk Assessments while implementing improvements to the current process.

  • Coordinate Cybersecurity Self-Assessments and provide recommendations for improvements.

  • Perform formal risk and compliance assessments and self-assessments (plan, source, coordinate, conduct, analyze, summarize, report, outline business impact and develop an action plan).

  • Provide Information Security compliance requirements for the acquisition, management and maintenance of third-party service providers to support the organization's enterprise-wide vendor management program.

  • Identify gaps in the design and operating effectiveness of controls, and identify opportunities for continuous improvement.

  • Provide design, consulting and ongoing governance of security controls to ensure appropriate segregation of duties and compliance.

  • Identify, evaluate, monitor and make any recommendations deemed necessary to the Risk Management Committee in order to assess, reduce, eliminate, or control any current or prospective risks to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices, internal policies and procedures or ethical standards.


Change Management


  • Support the change management program and process to ensure that standardized methods and procedures are used to enable the efficient and prompt handling of changes and to deter unauthorized change.

  • Back-up Chair of the Change Advisory Board (CAB); manage Requests for Change (RFCs) throughout the change process lifecycle.

  • Ensure that all changes are in compliance with Security, Regulatory, and Audit standards and appropriately identify risk and impact to the organization.


Project Management


  • Lead the design and development of Information Security project deliverable documentation to ensure security control recommendations are implemented in a timely manner for all of the organization's new projects, products and services.

  • Provide Information Security control requirements for the acquisition, management and maintenance of new and existing projects, products and services.

  • Provide design, consulting and ongoing governance of security controls to ensure appropriate segregation of duties and compliance.

  • Evaluate Information Security project resource capacity in order to appropriately assign the SMEs needed to support new project, product or service implementations.


Functional Skills & Knowledge:


  • Excellent planning and time management skills.

  • Exceptional analytical and problem-solving skills, attention to detail, and wide knowledge of technology, security compliance and regulatory standards.

  • Strong interpersonal and organizational skills, including the ability to meet deadlines, develop written policies, standards and procedures, and provide consistent and superior customer service.

  • Excellent communication skills, both written and verbal.

  • Advanced skills to set work priorities and make independent decisions regarding recommendations for security controls, risk mitigation action plans and project constraints.

  • High level of attention to detail and accuracy.

  • Team player who works cooperatively with Technology, Audit and other units of the organization to provide appropriate information security control recommendations and policies that enable business objectives while meeting regulatory obligations.

  • Willingness and ability to adapt to rapid changes in order to support and use emerging technologies.

  • Demonstrated ability to apply analytical skills in dealing with issues that are not readily defined or that conflict with available information.

  • Strong facilitation and project management skills and understanding of business process controls.

  • Independent self-starter with excellent problem-solving skills.

  • Ability to adapt to changing requirements and priorities.


Requirements

Minimum Education and/or Certifications:


Bachelor's degree in Computer Science, Information Technology, Management Information Systems or a similar discipline. PMP, CGEIT, CRISC, CISA, CISSP, ITIL or equivalent Information Technology audit or security certifications a plus.


Candidate must be knowledgeable and competent in assessing, controlling and managing a variety of risks, with experience in risk exposure identification, risk evaluation, and risk control.  Thorough knowledge of the Banking industry policies & procedures as well as applicable banking regulations is desired.


Minimum Work Experience Requirements:


  • Minimum seven years of IT Risk Management, IT Audit and/or IS Compliance. 2 to 5 years' work experience in IT and information security, access management, technical support and customer service.


  • Minimum five years' experience in policy, procedure, and standards development for a large IT environment and in Information Security, Governance & Compliance, Auditing or related disciplines.


Technical and/or Essential Knowledge:


  • Extensive knowledge of Information Security standards and best practices.

  • Computer literate with proficiency in Microsoft Office and Microsoft Project; experience with Information Security GRC platforms.

  • Knowledge of COBIT and COSO, Sarbanes-Oxley legislation and its impact, and other regulations.

  • Extensive understanding of banking regulations and standards that impact IT and Security, such as GLBA and PCI.

  • An understanding of financial services industry core banking applications and systems.


Working Conditions


Physical Demands: Air-conditioned office. Sitting at workstation 85%; lifting and carrying equipment 5% of the time.


This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.

Job Snapshot

Location US-FL-Miami
Employment Type Full-Time
Pay Type Year
Pay Rate N/A
Store Type Banking

Company Overview

Amerant Bank

At Amerant Bank, we empower our customers by providing them with the financial solutions they need to move forward. We do the same for our employees in that we provide an environment that allows them to pursue their career aspirations and enjoy a rewarding work experience. We recognize that everyone has their own career goals and definition of success. That's why at Amerant Bank, we empower employees with the resources, support and opportunities to move their careers in the direction of their aspirations.
