Cyber Risk Manager - Data Protection
Company: Huntington Bancshares, Inc.
Location: Chicago
Posted on: October 28, 2024
Job Description:
DescriptionCyber Security Risk ManagerSummary: The Cybersecurity
Risk Manager - Data Protection is responsible for oversight and
administration of operational and regulatory risk strategy programs
for Data Protection.Looking for an experienced Cyber Engineer or
Cyber Architect to work as a Risk Manager supporting Huntington's
transformation and use of cybersecurity technologies. As a risk
manager, you will work with the Huntington Cyber Operations and
Engineering teams to help them design and build technologies
utilizing best practices from FFIEC guidance, COBIT, NIST
framework, and other recommended best practices. You will be
responsible for identifying potential deficiencies, assisting Data
Protection in audit findings and responses, reviewing remediation
plans, and being a trusted advisor to identify risk to the
company.Description: Huntington is on a journey to move
applications and infrastructure computing to leverage various Cloud
provider services and deploy a hybrid cloud and on-premises
network. This cyber risk position is tasked with partnering with
the cyber security segment providing risk support, control and
metric design, and overall challenge on various technical
implementations. This resource will help ensure cyber offerings are
following defined governance processes, standards, and control
requirements. As a Cyber Security Risk Manager, you'll be a subject
matter expert in cyber security solutions that will balance the
need for speed and flexibility of cloud and on-premises
infrastructure while ensuring Huntington is protected against
ongoing and potential security threats. Seeking an individual who
has supported financial services and helped assess and develop
their cloud strategy, information security/cybersecurity, and IT
risk management programs against regulatory requirements and
industry best practices. This person will be influential in our
transition to securing our cloud computing and on-premises
platforms and help build compliant governance
programs.Responsibilities:
- Provide oversight and challenge to technical configurations,
solutions and implementation of cyber security tools, systems, and
platforms.
- Evaluate effectiveness of controls and escalate as
appropriate.
- Direct self-monitoring and testing activities to ensure that
they are performed in accordance with Corporate Risk Management
requirements.
- Evaluate the adequacy and effectiveness of enterprise and
regulatory controls and the resulting risk and control
self-assessments.
- Deliver timely escalation of all issues requiring attention to
senior management.
- Work with business segment management to ensure that the
overall risk function is effectively supporting strategic
goals.
- Collaborate with audit/business segment/corporate risk to
address issues with plausible action plans and target dates.
- Act as the central point for receipt and distribution of
important risk information for the business segment and reciprocate
the flow of information back to corporate risk management.
- Ensure business segment adheres to corporate and business unit
policies and procedures.
- Must be aware of and keep abreast of Third-Party risk
associated with assigned business segment.Basic Qualifications:
- Bachelor's degree in computer science, cyber security,
information technology, computer engineering or equivalent.Five
years of any of the combined experience below in Cyber Security,
Audit and Risk Management:
- 1 year experience with Broadcom Data Loss Protection (DLP) or
similar tool.
- 1 year experience with Varonis or similar unstructured data
tool.
- 2 years' Data Protection operations or governance.
- 1 year breach and attack simulation with tools like MITRE
ATT&CK, AttackIQ or similar.
- 1 year in Cryptography like Key Management and Cert
Management.
- 2 years' as a Security Engineer, Architect, Risk, or
Audit.Preferred Qualifications:
- Excellent communication skills required to negotiate
internally, often at a senior level.
- Some external communication may be necessary.
- Understanding of FFIEC guidance, CRI and NIST framework.
- Willingness to learn, able to learn on the job and a desire to
continually learn and develop new technical skills. Strong written
and oral communication skills.
- Organized, responsive, and highly thorough problem solver with
demonstrable cyber risk knowledge based on working in real-world
environments & situations.
- Understanding of security requirements, best practices, and
execution in various cloud implementation scenarios: IaaS, PaaS,
SaaS. Mid-level professional with 5-10 years of experience in
consulting, financial services, technology/fintech or government
regulatory agency with an IT risk-related role.
- Master's degree or relevant professional qualifications with
Risk / Security management.
- CISSP, CISM, CRISC, CISA, GIAC, CIPP/US or other
security/privacy certifications preferred, but not required.Exempt
Status: Yes (not eligible for overtime pay)Workplace Type:
HybridHuntington is an equal opportunity and affirmative action
employer and is committed to providing equal employment
opportunities for all regardless of race, color, religion, sex,
national origin, age, disability, sexual orientation, veteran
status, gender identity and expression, genetic information, or any
other basis protected by local, state, or federal law.Tobacco-Free
Hiring Practice: Visit Huntington's Career Web Site for more
details.Agency Statement: Huntington does not accept solicitation
from Third Party Recruiters for any position.
#J-18808-Ljbffr
Keywords: Huntington Bancshares, Inc., Waukesha , Cyber Risk Manager - Data Protection, Executive , Chicago, Wisconsin
Didn't find what you're looking for? Search again!
Loading more jobs...