Operations Lead: Attack Surface & Vulnerability Management

Job Description:

The Global Information Security (GIS) Cyber Security Assurance (CSA) organization is a true global operations shop with leading edge tools, processes, and people. This role will be responsible for managing diverse administrative, operational and audit/exam response and risk management functions for the Attack Surface & Vulnerability Management (ASVM) team. Further, this role is responsible for the evaluation and management of a portfolio of audit issues including development, tracking, Quality Assurance (QA) and sustainability of controls.

The role will:

• Support the ASVM Executive on oversight and governance activities and tracking of team operations and strategic priorities.
• Drive operational oversight related to the team’s Risk and Audit portfolio.
• Partner with SMEs (inside and outside ASVM) to ensure timely and accurate responses to Internal and External Audit
• Adhere to and support bank processes for identifying and escalating risk items for review and debate

Required Skills:

• Seven (7) or more years of Business Operations or related experience.
• Information Security, Internal Audit, or Control Function background is a plus.
• Experience interfacing directly, or indirectly, with Audit, Operational Risk, and Global Compliance functions
• Understanding of Risk Management concepts
• Ability to balance and prioritize multiple needs, requests, and objectives
• Ability to work independently in fast paced and dynamic environment with several competing priorities
• Outstanding communication and presentation skills (verbal and written)
• Ability to prepare materials and present to Executive Leadership or Executive Committees
• Strong interpersonal and relationship building/managing skills
• Ability to lead cross-functional discussions and drive decisions to consensus
• Critical thinking/analytical skills and intellectual curiosity
• Strong analysis and evidence-based decision-making
• Self-motivated and ability to operate with limited direct oversight
• Naturally curious with the ability to quickly become an authority with the data and systems used
• Process oriented with keen attention to detail
• Strong time-management skills

Desired Skills

• Comfortable working with ambiguity and rapidly changing priorities
• Ability to effectively interact with all levels of management
• CISSP or CRISC

Enterprise Role Overview:

Leads the analysis, implementation, execution and improvement of proactive security controls to prevent external threat actors from infiltrating company information or systems. Conducts research and provides leadership updates regarding advanced attempts/efforts to compromise security protocols. Maintains or reviews security systems and assesses security policies that control access to systems. Provides status updates and recommendations to the leadership team regarding the impact of theft, destruction, alteration or denial of access to information. Follows standard practices and procedures in analyzing situations or data. Typically has 5-10 years of relevant experience and will act as an individual contributor.

Shift:

Hours Per Week: