Description:
Join us on our mission to create a completely new, 100% digital bank that truly serves customers’ best interests. We are a close-knit and fun-loving team of seasoned financial services professionals who came together for the challenge of building a bank from scratch – and we are committed to doing it all the right way (from technology infrastructure to modern marketing to customer experience).
We work with the flexibility and speed of a start-up. But we also have significant stability and capital from being part of the SMBC Group (Sumitomo Mitsui Banking Corporation). SMBC is the 2nd largest bank in Japan and the 12th largest bank in the world with operations in over 40 countries. And SMBC is committed to disrupting the US marketplace with ground-Data breaking products.
It’s the best of both worlds, and we are seeking proven marketing leaders to propel us towards a national launch. We have both the ambitious growth plans and the “patient capital” necessary to execute a multi-year plan. Join us on the journey to deliver an exciting concept of evolved banking.
Role Objectives
Manufacturers Bank is looking for a Business Technical Security Architect to support the Bank’s launch of its new consumer digital bank, as well as supporting the day-to-day operation of its enterprise security program. The Business Technical Security Architect will interface with other technical groups and business lines to facilitate definition of user requirements to the Information Security group as well as define and relay security requirements to the business. Directly involved in program and project management activities as well as architecture design and integration activities.
PRINCIPLE DUTIES AND RESPONSIBILITIES:
- Help define the information security vision for the bank, across physical and virtual environments, including bank owned and 3rd party managed platforms.
- Influence and collaborate with business and technical teams around defining appropriate security measures for new products and services.
- Document cybersecurity risks in various mediums to inform various stakeholders across the organization.
- Work directly with the business units to design and facilitate risk assessment and risk management processes.
- Report status and represent the Information Security function on management meetings and other high-profile engagements.
- Create and manage project plans, metrics, and open items tracking for both Information Security activities but also upstream and downstream dependent activities.
- Coordinate with SMBC Information Security and other business lines to synchronize processes, tools, and documentation around Information Security objectives.
- 10% Travel for Occasional Office Visits
Qualifications and Skills
- 8+ years of experience in a combination of risk management, information security and IT jobs – in a highly regulated industry, preferably financial services
- Proven experience developing and implementing information security policies and procedures for consumer banks or fintechs, as well as successfully executing the programs defined in those policies.
- Knowledge of common information security management frameworks, such as CAT, ISO/IEC 27001, PROFILE, and NIST.
- Industry qualifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent experience.
- Experience dealing with real-world and simulated cyber-attacks.
- Specific experience in Agile (scaled) software development or other best in class development practices.
- Knowledge of relevant legal and regulatory requirements related to data and information security in the financial services sector. Ability to translate those into policy with monitoring techniques to ensure compliance.
- Experience with contract and vendor negotiations and management including managed services.
- Ability to articulate specific policy and system-level controls – on AWS, Google, and Azure environments.
- Experience explaining information security at all levels – spanning executive management to implementation engineers. Experience in regulatory examinations explaining policies, procedures, and threat responses.
- Innovative thinking and leadership with an ability to influence cross-functional, interdisciplinary teams.
- Excellent written and verbal communication skills and high level of personal integrity
- Proven ability to understand, identify, analyze, and clearly communicate an organization's data and technology risks.
- Able to deliver results in a high-performing, fast-moving, and changing environment.
- Bachelor's degree or equivalent