Information Security Officer (ISO), Vice President
Location:
Boston , Massachusetts
Posted:
November 24, 2017
Reference:
174204
The Information Security Officer (ISO) shall manage day to day execution of the ISO Program and be directly responsible for compliance with the ISO Framework across the LCARS organization globally. This candidate will report to the LCARS Corporate Governance Director in Boston.
Under the direction of the LCARS Corporate Governance Director the primary responsibility will be to enhance and/or develop and implement policies and procedures for effective ISO Program; ensure documentation of processes are in place and are accurate; communicate requirements and lead training efforts to increase comprehension as necessary; and perform periodic program certifications. Other responsibilities include but are not limited to coordinating with the teams Business Continuity Directory and Privacy Officer to provide support and collaboration as needed. This role will function as an Alternative BCD. As well as assist/support other initiatives in the office of the LCARS CAO.
The individual must be comfortable working closely with senior LCARS executives as well as members of the Privacy Office Corporate Information Security (CIS) Network and the Global Continuity Services (GCS) Team.
Major Responsibilities:
    \t
  • \t\tResponsible for driving and monitoring compliance throughout LCARS and promoting awareness of information security controls.
  • \t
  • \t\tProvides strategic planning and oversight of the information security activities as well as coordinates issues escalations and security recommendations from the various divisions within LCARS.
  • \t
  • \t\tFacilitates communication between LCARS and Corporate Information Security (CIS)
  • \t
  • \t\tIntegrates information security requirements into procedures and processes to enable compliance with the corporate information security program
  • \t
  • \t\tAssesses information security risks and controls related to business operations and information technology and provides approval as required
  • \t
  • \t\tManages remediation of identified business control failures (including CATS/audit issues); supports business lines in developing responses
  • \t
  • \t\tEstablishes and maintains an information security awareness and training program within LCARS
  • \t
  • \t\tEstablishes and maintains a communication model to deliver program policy and control updates
  • \t
  • \t\tFacilitates consults and advises on procedures and controls in support of maintaining CIS Policy and Controls
  • \t
  • \t\tPerforms reporting of related information security status to senior LCARS management
  • \t
  • \t\tParticipates in security incident response program to detect and to respond to incidents in a timely manner
  • \t
  • \t\tIdentifies and communicates known security control issues to senior management
  • \t
  • \t\tReviews and approves non-standard access for high-risk access (e.g. blocked web sites mass storage application access non-standard device and non-expiring passwords process and system IDs)
  • \t
  • \t\tPursues personal development in the field of information security; maintains up to date information security skills
  • \t
  • \t\tManages the onboarding of new applications and removing applications from the Access Control Board high risk applications list
  • \t
  • \t\tParticipates in appropriate meetings per the CIS/ISO Network Interaction Model
  • \t
  • \t\tMaintain oversight and ensure compliance of ISRMPs for all of LCARS
Business Continuity
    \t
  • \t\tServes as GCS point of contact when the BCD is unavailable for any identified issues/risks within the line of business
  • \t
  • \t\tSupport the BCD during the annual certification process for all LCARS divisions participating in and utilizing tools provided by GCS
  • \t
  • \t\tPrepared to manage the LCARS organization through an incident and engage the Crisis Management Team when necessary
Designated Privacy Officer
    \t
  • \t\tServe as Privacy Office point of contact when the DPL is unavailable for any identified privacy issues within LCARS
  • \t
  • \t\tSupport the DPL during the annual certification process for all LCARS divisions participating in and utilizing tools provided by the Corporate Privacy Office

    \t
  • \t\tExperience working with global privacy and compliance standards information security frameworks and business continuity plans
  • \t
  • \t\tPreferred understanding of financial services organization
  • \t
  • \t\tStrong project planning and management experience
  • \t
  • \t\tProven ability to establish and manage "dotted-line" business relationships to deliver agreed outcomes/deliverables
  • \t
  • \t\tAbility to work effectively with all levels of personnel across the organization
  • \t
  • \t\tProven ability to communicate clearly and appropriately based on audience with excellent facilitation and customer service skills
  • \t
  • \t\tProven interpersonal coordination and communication skills
  • \t
  • \t\tAbility to be flexible and work effectively with ambiguity and change


A little about us:
We hire veterans to help us transform--improve and innovate--the way we run our business to face industry challenges head-on.

Know someone who would be interested in this job? Share it with your network.