Senior Manager, Information Security Risk Manager
Make Next Happen Now. For more than 30 years, Silicon Valley Bank (SVB) has helped innovative companies and their investors move bold ideas forward, fast. SVB provides targeted financial services and expertise through its offices in innovation centers across the world. With commercial, international and private banking services, SVB helps address the unique needs of innovators.
As a Senior Manager - Information Security Risk Manager you will assist with the following:
- Test effectiveness of security controls as prescribed by SVB's Security Policy and Standards, regulatory compliance (e.g. FFIEC Cybersecurity Assessment Tool), the CIS Critical Security Controls, and ISACA's COBIT 5.
- Working with cross-functional team members, assist with the execution of the Continuous Security Validation Program.
- Perform design reviews, control testing, and risk assessments for AWS and Azure environments.
- Assist with the evaluation of the impact of new and changing legal and regulatory requirements on the Security Office, identify and remediate potential gaps within the Information Security Program, and communicate to affected policy owners.
- Facilitate the management and reporting of information security risks.
- Ensure risk issues and corresponding action items are effectively remediated and evidenced.
- Work with managers across all business unit functions to resolve risk issues as appropriate.
- Provide oversight and management of third-party testing to ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements.
- Ensure that controls are adequate to meet Security Policies; conduct assessments and audits based on laws and regulatory expectations (GLBA, FFIEC, PCI-DSS, SWIFT CSP, NIST, CIS Critical Security Controls, etc.).
- Design and implement accurate and thorough governance gap assessments against applicable laws, rules, regulations, and industry practices.
- Provide key insights and quantified risk analysis for Executive Management to facilitate security-related decision making and justify needed improvements of the Security Program including its scope, policies, objectives, controls, processes, and procedures.
- B.A. or B.S. degree in Information Security, Computer Science or similar field or equivalent work experience in IT audit, information security, privacy, or related field.
- Must have 7+ years of work experience in Information Security, Privacy, Audit, Risk, and/or Compliance. Previous Big 4 experience a plus.
- Experience auditing and assessing AWS and Azure a plus.
- Direct experience with regulated systems (GLBA, SOX, FFIEC, PCI-DSS) in the financial industry a plus.
- Strong verbal and written communication skills - experience in Audit/Compliance/Regulatory discussions.
- CISSP, CISA, CRISC, CISM, GCCC, CIPP, GIAC Certifications preferred.
- Technical experience in IT and security tools.
- Experience with GRC applications. Lockpath Keylight skills are desirable.
- Demonstrated capacity to learn, intellectual honesty and independent thinking.
- Direct experience working in a first or second line risk role within a financial institution, or consulting experience advising financial institutions on the implementation of effective Risk Management programs.
- Dedicated team player.
- Demonstrated project management, analytical and problem-solving skills.
- Ability to collaborate, negotiate, influence and build consensus across the organization.