Enterprise Risk Manager

  • IEX
  • New York, NY, United States
  • Dec 02, 2017
Full time Risk

Job Description

IEX is currently looking to hire an Enterprise Risk Manager. In this role, you will be responsible for managing the Information Security Risk Program, including vulnerability detection and remediation, vendor risk, corporate threat-risk analyses, and enterprise risk. Strong analytical and problem-solving skills with meticulous attention to detail are a must-have for this role. If you are looking to join a high-growth Fintech firm, and are driven by our mission of promoting a fair, simple, and transparent stock exchange – come join us!

About you:

  • Excellent analytical, critical-thinking, and problem-solving skills
  • Self-starter who is proactive and entrepreneurial
  • Organized and detail-oriented
  • Cross-functional team player

What you’ll do:

  • Enhance the three-tier Information Security Risk Program
    • Organizational
    • Mission/business process
    • Technology
  • Vulnerability management
    • Management of third party and internal penetration testing
    • Network scans
    • Security patch management
    • Automated application security testing
  • Vendor Risk Management Program
    • Initial vendor triage
    • Deep dives into high and medium-risk firms with information security questionnaires and meetings
    • Maintain overall vendor risk register
    • Annual update of high-risk vendors
  • Corporate information security threat-risk analysis
    • Update and expand annual process
  • Enterprise risk management
    • Manage quarterly updates
  • SSAE-16 type II gap assessment and remediation
  • Manage annual Regulation SCI assessment
  • Answer member-initiated information security vendor review requests
  • Information security evidence coordination with auditors and the regulatory team
  • Business continuity management
    • InfoSec war games
    • Disaster recovery exercises

Your background:

  • 5-10 years of information security and risk management experience
  • CISSP or CISM certification
  • CRISC or similar risk certification
  • Experience with industry-standard information security risk frameworks
  • Understanding of compliance requirements (FFIEC, Reg SCI, HIPAA)
  • Regulatory examinations experience (SEC, OCC, FRB, FDIC)
  • Experience with SSAE-16 SOC1/2 reviews and external auditors
  • Understanding of information security technologies (SIEM, DLP, firewalls, networking, TCP/IP)