Executive Director, Information Security Risk Officer

  • New York, NY
  • Full Time

Office Status: Hybrid

Locations: New York, NY

Salary: $200,000 – $240,000

Responsibilities:

  • Manage the Branch information security governance framework through the implementation of a strategic program
  • Develop and oversee annual information security and third-party risk management security goals, methodologies, policies, and key metrics
  • Provide information security program updates and analysis to Executive Management and the Board
  • Identify, define and substantiate the key threats to information assets internally and externally. Strong subject matter experience in cloud and on-premises environments/vulnerability testing and development of a risk appetite
  • Oversight of all security policies and procedures, threat prevention, threat detection and an incident response strategy, including an incident response process, escalating security incidents, coordinating and leading investigations and managing the recovery from attacks.
  • Develop a control program that proactively identifies threats to the Branch and guides the acquisition of advanced security controls
  • Lead and coordinate, internally and externally, responses to security incidents, providing timely reports during the incident and remediation as well as proposing solutions to anticipate, prevent, or mitigate future incidents.
  • Identify the information security risks of engaging vendors and other third parties who access the Branch systems. Review and assess mitigating controls
  • Create and manage a targeted information security awareness training program for all employees and contractors with established metrics to measure the effectiveness of this security training program.
  • Ability to maintain the highest standard of confidentiality is required with zero trust tolerance
  • Evaluate and disseminate information security rules, laws, and best practices
  • Implement Head Office (“HO”) information security-related projects, exercises, and HO-related objectives.