Information Security Officer

A financial services group holding the above licenses is seeking a highly skilled Information Security Officer (ISO). The ISO will be responsible for developing, implementing, and maintaining a robust information security program that aligns with regulatory requirements and industry best practices. This role requires a deep understanding of cybersecurity frameworks, risk management methodologies, and relevant compliance obligations associated under license MTF, CSD and PFP.

Key Responsibilities:

Strategic Security Leadership

• Develop and maintain the organization’s information security strategy, ensuring alignment with business objectives and regulatory requirements under the MTF, CSD, and PFP license.
• Champion a culture of security awareness and continuous improvement across all departments.

Governance, Risk, and Compliance (GRC)

• Establish and enforce information security policies, standards, and procedures that meet or exceed regulatory standards.
• Perform ongoing risk assessments and audits to identify vulnerabilities, ensuring controls are in place to mitigate threats.
• Oversee compliance with relevant laws, regulations, and guidelines associated with each license.

Security Program Management

• Implement and maintain a comprehensive security program covering incident response, disaster recovery, business continuity, and vendor risk management.
• Coordinate regular penetration testing, vulnerability scanning, and security assessments to identify and remediate gaps.

Incident Detection and Response

• Develop, implement, and test incident response plans to minimize impact in the event of a security breach.
• Lead investigations into potential security incidents and direct containment, eradication, and recovery processes.

Stakeholder & Regulatory Engagement

• Serve as the primary point of contact for internal and external security-related audits and regulatory examinations.
• Collaborate with cross-functional teams (IT, Legal, Risk, Compliance) to address regulatory inquiries and ensure timely reporting.

Training & Awareness

• Design and deliver information security training programs for employees at all levels.
• Promote best practices, compliance awareness, and a proactive security mindset throughout the organization.

Technology & Innovation

• Evaluate emerging technologies and security trends, recommending solutions to enhance data protection and resilience.
• Work closely with IT teams to ensure secure architecture design and system configurations.

Qualifications & Experience

• Education: Bachelor’s degree (or higher) in Computer Science, Information Security, or a related field.
• Professional Certifications (preferred): CISSP, CISM, CISA, CRISC, or equivalent.
• Experience:
• 10+ years of progressive experience in information security and cybersecurity roles.
• Proven track record designing and implementing security programs in highly regulated environments.
• Experience managing audits, assessments, and compliance initiatives tied to financial services licenses.
• Technical Skills:
• Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, COBIT) and data protection regulations.
• Hands-on experience with SIEM, IDS/IPS, endpoint protection, and other security technologies.
• Soft Skills:
• Excellent communication, leadership, and stakeholder management skills.
• Ability to work collaboratively across diverse teams and explain complex security concepts in business terms.