Head of Information Security

  • Employer: Commerzbank
  • Location: New York, US
  • Salary: Competitive

Exercises managerial responsibility over regional GS-SE (Information Security) resources and operations in a prudent and ethical manner. Provides a departmental structure that supports Commerzbank AG's regional and global business objectives and regulatory requirements while aligning the North America GS-SE operations model with the global GS-SE operations model.

Job description:

Additionally acts as the New York Information Security Officer (ISO) and Data Protection Officer, managing all Information Security aspects in coordination with GS-SE Frankfurt and the global Group Security processes.

Essential Duties and Responsibilities:

  • Builds, leads and manages the local GS-SE team (including the management of all project activities) in agreement with the Global Functional Lead and the Head of Services North America:
    • Acts as the Information Security and Data Protection Officer for the NY branch and as a member of their Councils
    • Manages Information Security risk and compliance with Information Security Policy Framework
    • Conducts local information security assessments and training in NY
    • Oversees the performance of the Security Analysis Management process for NY
    • Implements processes and procedures to manage the security logging and monitoring process in the region in line with global guidelines
    • Oversees the Business Continuity Management for the branch, including policies and procedures, regular updates of plans and documentation, BC testing and related reporting. Owns the emergency evacuation procedures
    • Executes governance of physical security (policies & procedures), reviews GS-OR's execution of their physical security tasks
    • Ensures steps are taken to correct any identified breaches, violations, risks or incidents, tracks the progress / status and reports on it
    • Ensures team acts as source for technical expertise, provides expert advice and guidance on information security and data protection, demonstrating sound commercial judgments and a thorough understanding of the business
    • Proactively liaises with the Head of IT New York and his management team to set security standards and policies for relevant IT processes
  • Stays abreast of current trends and regulations as well as the latest technical risks facing financial institutions and popular intrusion techniques and their countermeasures
  • Implements and executes a system of internal controls ensuring
    • Operations are effective and efficient
    • Assets are safeguarded
    • Audit findings are resolved in a timely and proactive manner
    • Financial information is reliable and
    • Applicable laws, regulations, policies, and procedures are complied with
    • Develops / implements strategies and business
  • Efficiently manages the GS-SE New York resources in accordance with budgetary constraints
  • Manages GS-SE New York team, including recruiting, professional development, objective setting, performance management etc.
  • Promotes an environment that encourages cooperation, collaboration and creativity
  • Represents the organization internally and externally as appropriate

Experience/Qualifications/Education:

  • Extensive management experience in Information Security
  • Master's degree in Information Technology or equivalent professional experience
  • At least two of the following certifications:
    • CISSP
    • CISM
    • CISA
    • GCIA
    • ACSA
    • CBM
    • SANS
    • 6-Sigma Belt
  • Sound understanding of frameworks and standards such as
    • COBIT
    • ITIL
    • ISO 2700x family
  • Excellent know-how of Security/IAM solutions, complex security architectures, endpoint security, IOP protocol suite
  • International project or product management experience
  • Excellent written and presentation skills; experienced in presenting security risk and issues in layman's terms to senior management
  • Strong relationship building skills for local and global cooperation and team orientation
  • Basic understanding of the European Data Protection Directive
  • Very good analytical and problem-solving skills; creative and forward-looking method of operations
  • Ability to organize and prioritize under pressure
  • Ability to manage and track work projects including scope, budget, staffing and time frame
  • Registered Operations Professional (FINRA Series 99)
  • Business Continuity experience
  • German language skills not required but welcome

Job Reference: HoIS
