Cyber Security Director

Cyber Security Director Location New York, NY :

The Information Technology - Cyber Security Engineer is a senior role responsible for overseeing incident response, managing security tools and engineering, conducting risk assessments, and overseeing information technology electronic platform and project management efforts. The ideal candidate will possess a deep understanding of cybersecurity best practices, demonstrate strong leadership skills, and have the ability to collaborate across departments to ensure the protection of our digital assets.

Essential Duties and Responsibilities:

• Security Tools Engineering: Oversee the implementation and management of security tools and technologies to enhance the organization's cybersecurity posture.
• Collaboration with Technical Teams: Work with technical teams to ensure the effective integration and operation of security solutions.
• Evaluation of Security Solutions: Assess and recommend security solutions and technologies to address evolving threats and vulnerabilities.
• Threat Monitoring: Monitor and analyze threat intelligence feeds to identify emerging threats and vulnerabilities that could impact the organization.
• Incident Response Integration: Collaborate with the security team to integrate threat intelligence into incident response and vulnerability management processes.
• Actionable Insights: Provide actionable insights based on threat intelligence to enhance the organization's security posture.
• Incident Response Management: Lead and manage incident response coordination, ensuring timely detection, investigation, and resolution of security incidents.
• Incident Response Planning: Develop and maintain incident response plans and procedures to ensure preparedness for potential security breaches.
• Post-Incident Analysis: Conduct post-incident analysis to identify root causes and implement measures to prevent future incidents.
• Subject Matter Expert (SME): Serve as a subject matter expert in Electronic Platform and Projects (EPP) management from inception to completion, ensuring alignment with organizational IT security and compliance requirements.
• Vendor Risk Assessments: Conduct thorough risk assessments of third-party vendors to evaluate their security practices and potential risks to the organization.
• Collaboration with Procurement and Legal Teams: Work with procurement and legal teams to ensure that vendor contracts include appropriate security requirements and compliance measures.
• Vendor Monitoring: Monitor vendor performance and compliance with security standards and regulations.
• Project Coordination: Coordinate with cross-functional teams to ensure successful project execution and stakeholder engagement.
• Cybersecurity Strategy Implementation: Collaborate with the Information Technology and Technology Risk Management teams to define and implement the organization's cybersecurity strategy and objectives.
• Guidance and Mentorship: Provide guidance and mentorship to the Information Technology team, fostering a culture of continuous improvement and professional development.
• Industry Trends and Compliance: Stay current with industry trends, emerging threats, and regulatory requirements to ensure the organization remains compliant and secure.

The salary range for this position will be between $175,000 - 225,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.

Required Skills/Qualifications/Experience

Bachelors degree Strong understanding of information security principles and frameworks. Proven experience with risk assessment tools and methodologies. Knowledge of relevant cybersecurity standards and frameworks (e.g., NIST, FFIEC, ISO/IEC 27001, CIS, etc.). Familiarity with relevant regulations (e.g., FFIEC, NYSDFS, GDPR, DORA, etc.). Expertise in using cybersecurity tools and platforms (e.g., SIEM, IAM, PAM, GRC, EDR, IPS/IDS, etc.). Excellent analytical and problem-solving abilities. Strong communication and presentation skills, with the ability to convey complex concepts to various audiences. Relevant certifications such as CRISC, CISM, or CISSP are highly preferred.