Reports to: Chief Information Officer

Responsibilities:

  • Manage the implementation of all aspects of the IT risk function, including processes, tools and systems, to identify, assess, measure, and monitor operating risk in the business lines
  • Build out a technical team to manage:
    • Selection and management of information security tools
    • Monitor automated alerts
    • Evaluate the legitimacy of alerts
    • Determine actions required to resolve legitimate alerts
    • Prioritize and manage the responses to legitimate alerts
  • Maintain key policy documents including, but not limited to:
    • Incident Response Plan
    • Corporate Security Policy
    • Other critical IT policies and procedures
  • Perform risk assessments of business processes and IT systems
  • Serve as point of contact for all internal and external audit efforts
  • Create and conduct security awareness training
  • Create policies and procedures in conjunction with internal legal and audit groups
  • Manage the security review of third party vendors during initial selection and throughout ongoing vendor management
  • Create and maintain the IT control matrix
  • Perform recurring audits of critical IT compliance controls
  • Define critical metrics that will be used to monitor the risk and compliance posture of the organization
  • Create IT risk assessment and provide to upper management on an ongoing basis
  • Other duties as assigned

 Qualifications:

  • Excellent documentation, leadership, and communication skills
  • A leader in developing and improving management reporting
  • Strong analytical and problem solving skill
  • Attention to detail and ability to work independently as well as in a team environment
  • Financial services industry experience desirable
  • Information security industry certificates desirable (CISSP, CISM, QSA, etc)

 Environment:

  • PCI Level 1
  • Safe Harbor
  • SAS 70 /  SSAE 16
  • SOX

Please submit resumes to: recruiting@enovafinancial.com