Information Security Risk Analyst jobs in New York, NY

Position Title

Location

Job Summary

Job Responsibilities:

JOB RESPONSIBILITIES

• Provide independent, proactive oversight and challenge of cybersecurity and information security risk management at the Bank through execution of risk framework elements and embedded monitoring of key cyber/information security programs.
• Assess and report cybersecurity and information security risk profile based on quantitative and qualitative risk measures and including assessment of effectiveness of planned remediation/mitigation of excess risk exposure.
• Regulatory engagement, including regular supervisory meetings, exams, and sustainable remediation of findings.
• Develop and maintain cybersecurity and information security risk management framework, second line of defense standards and guidelines, in alignment with the Bank’s Risk Governance Framework.
• Talent management functions including: employment, performance evaluations, staff development/training, disciplinary actions, succession planning and ensuring all staff comply with compliance requirements. 
• Uses independent judgement and discretion to make decisions (about the applicability risks and necessary controls).
• Analyzes and resolves problems pertaining to (differing views of risks/controls and due diligence relating to third parties).

ADDITIONAL ACCOUNTABILITIES

• Leads special projects, and additional duties and responsibilities as required.
• Consistently adheres to regulatory and compliance policies and standards linked to the job as listed and complete required compliance trainings.  Accountable to maintain compliance with applicable federal, state and local laws and regulations.

JOB REQUIREMENTS

Required Qualifications:

• Education level required: Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity or relevant field.
• Minimum experience required: 15 Years in Information Technology, Information Security, Cybersecurity risk management or related role.
• Proven experience in senior leadership position in relevant domain, including strategically influencing senior management and key stakeholders.
• 8-10 years’ experience managing high performing teams.
• 5 years’ experience of large bank regulatory oversight.

Preferred Qualifications:

• Industry certifications such as Certified Information Systems Security Professional (“CISSP”), Certified Information Security Manager (“CISM”), Certified Risk and Information Systems Control (“CRISC”) a plus but not required.
• Expertise in Gramm-Leach-Bliley Act (GLBA) requirements and effective GLBA program execution.
• Financial industry experience.

Job Competencies:

• Strong knowledge of cybersecurity frameworks, standards and regulations.
• Expert knowledge in identification, measurement, monitoring and mitigating cyber and information security risks.
• Demonstrated ability to provide outcome-based risk oversight and challenge to first line risk management.
• Strong knowledge of non-financial risk frameworks.
• Excellent verbal and written communication skills, and an ability to effectively translate technical issues for non-technical audiences.
• Strong analytical, troubleshooting, and root cause determination skills. 
• Strong ability to build consensus across diverse teams with competing agendas.  
• Ability to supervise, train, and motivate staff.
• Physical demands (ADA): No unusual physical exertion is involved.

Flagstar is an Equal Opportunity Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identify, or national origin.