Job Description

The Information Security Manager (ISM) Program Director will focus on key strategic programs to build, implement and measure controls for a recent business acquisition. This role will own all facets of program development, execution, governance, and reporting and will proactively drive the adoption of CTC products to leverage CTC's full range of capabilities into the business (and conversely to ensure business requirements are being incorporated into CTCs product capabilities). The candidate will also be expected to influence effective risk & control management practices, provide governance and support to technology businesses through risk consultancy, identification of control weaknesses and recommendations for improvement opportunities, as well as providing training and reporting of risk issues.

Responsibilities include:

Understand the firms Cybersecurity and Technology Controls (CTC) agenda and product capabilities, technology agendas, work with ISM leads, Heads of Technology (HoTs), Chief Technology Officers (CTOs) and their management teams to drive a comprehensive control agenda

Identify requirements needed for uplift, and identify critical challenges to achieving end-state operating model

Define control integration agenda, timelines, resource allocation, and prioritization

Oversee the delivery of services performed by CTC product teams, drive stakeholder engagement and gain consensus on awareness and adoption

Develop and maintain strong business and technology relationships

Interface with Business Control Managers teams to ensure technology risk impacting the business is effectively tracked and communicated

Required Qualifications

This role requires a wide variety of strengths and capabilities, including:

15+ years of experience in Cybersecurity and Technology roles in financial institutions

Strong leadership skills with exceptional communication and presence

Ability to work collaboratively & translate business and user requirements in to technology and architecture plans

Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business

Excellent command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including monitoring and response

Strong influence and negotiating skills, and the ability to overcome barriers and resistance to execute against strategic plans

Ability to resolve conflict with a proven ability to facilitate and/or make complex decisions based on experience, analysis and judgment

Excellent project management skills and experience managing global projects across multiple lines of business and/or stakeholder organizations

Able to successfully operate across regions, business and functions with demonstrable strong negotiation, influencing and relationship skills

Experience working in agile environment, and driving continuous improvement.

Ability and willingness to learn new technologies in a rapidly changing environment