- Lead the development and maintenance of the technical IT cyber capabilities, including all phases of the software development lifecycle and software stack, which includes threat modeling of application designs, static application security testing (SAST), software composition analysis (SCA), dynamic application security testing (DAST), and penetration testing
- Policy and Strategy Implementation: Implement objectives and policies established by the SAA and CIO executive leadership; contribute to the formulation and execution of short- and long-term cybersecurity goals
- Develop and implement a holistic cybersecurity defense strategy aligned with business objectives, regulatory requirements, and industry best practices
- Develop and lead a cloud security and technology transformation strategy by building and driving a team of security architects and engineers focused on delivering security capabilities into the organization's CI/CD pipelines and hybrid multi-cloud environment
- Collaborate with senior management across departments to integrate Infrastructure and Identity security practices into the organizational fabric, fostering a security-first mindset, including Identity Governance, Access Management, MFA, Privileged Access Management, IAM Engineering, Customer IAM governance, email security, network security, endpoint protection, AI security, and perimeter security
- Strong technical expertise in cybersecurity technologies, including SIEM, IDS/IPS, endpoint protection, encryption, and identity management
- Deep understanding of regulatory requirements and compliance standards relevant to the financial services sector (e.g., FFIEC, PCI DSS, GLBA)
- Cloud Security Program Management: 10-12 years developing, leading, and delivering a cloud security program in a large, highly regulated environment
- Cloud Security Tool Portfolio Management: 10-12 years' experience in successfully implementing a comprehensive enterprise-class cloud security tools portfolio, including CASB, CSPM, CWPP, CNAPP, and other relevant solutions
- Governance, Risk and Controls (GRC): 3-5 years demonstrating ability to work across lines of defense to define and drive the success criteria needed to guide execution as an enterprise control function in meeting the expectations from authoritative sources (e.g., NYDFS, GLBA, NIST, FFIEC)
- Security certifications (e.g., CCNA Security, GSEC, GCED, GPPA, etc.)
- Technical certifications (e.g., CCNA, RHCE, MCSE, etc.)
Foundational->Cybersecurity Competency Management->Cyber Competency Strategy Planning,Technology->Application Security->Application Security - ALL,Technology->Cloud Security->AWS - GRC,Technology->Identity Management->IAM Architecture Consultancy,Technology->Infrastructure Security->Infrastructure Security - ALL,Technology->Infrastructure Security->Security Incident and Event Management (SIEM),Technology->Infrastructure Security->SOC Operations