Cyber Security Risk Manager
Description Summary: The Cybersecurity Risk Manager is responsible for oversight and administration of operational and regulatory risk strategy programs for a business segment. Looking for an experienced Cyber Engineer or Cyber Architect to work as a Risk Manager supporting Huntingtons transformation and use of cybersecurity technologies. As a risk manager, you will work with the Huntington Cyber Operations and Engineering teams to help them design and build technologies utilizing best practices from FFIEC guidance, COBIT, NIST framework, and other recommended best practices. You will be responsible for identifying potential deficiencies, assisting the business segment in audit findings and responses, reviewing remediation plans, and be a trusted advisor to identify risk to the company. Description: Huntington is on a journey to move applications and infrastructure computing to leverage various Cloud provider services and deploy a hybrid cloud and on premises network. This cyber risk position is tasked with partnering with the cyber security segment providing risk support, control and metric design, and overall challenge on various technical implementations. This resource will help ensure cyber offerings are following defined governance processes, standards, and control requirements. As a Cyber Security Risk Manager, you'll be a subject matter expert in cyber security solutions that will balance the need for speed and flexibility of cloud and on premises infrastructure while ensuring Huntington is protected against ongoing and potential security threats. Seeking an individual who has supported financial services and helped assess and develop their cloud strategy, information security/cybersecurity and IT risk management programs against regulatory requirements and industry best practices. This person will be influential in our transition to securing our cloud computing and on premises platforms and help build compliant governance programs. Responsibilities: Provide oversight and challenge to technical configurations, solutions and implementation of cyber security tools, systems, and platforms. Evaluate effective of controls and escalate as appropriate. Direct self-monitoring and testing activities to ensure that they are performed in accordance with Corporate Risk Management requirements. Evaluate the adequacy and effectiveness of enterprise and regulatory controls and the resulting risk and control self-assessments. Deliver timely escalation of all issues requiring attention to senior management. Work with business segment management to ensure that the overall risk function is effectively supporting strategic goals. Collaborate with audit/business segment/corporate risk to address issues with plausible action plans and target dates. Act as the central point for receipt and distribution of important risk information for the business segment and reciprocate the flow of information back to corporate risk management. Ensure business segment adheres to corporate and business unit policies and procedures. Must be aware of and keep abreast of Third-Party risk associated with assigned business segment. Basic Qualifications: Bachelors degree in computer science, cyber security, information technology, computer engineering or equivalent. Five years of any of the combined experience below in Cyber Security, Audit and Risk Management 2. years experience Anti-Virus/Malware. 2 years experience in network security, firewalls, WAF, Tufin or similar. 2 years application and network segmentation. 2 years breach and attack simulation with tools like MITRE ATT&CK, AttackIQ or similar. 2 years in threat management, vulnerability management 2 years using SAST, DAST, IAST, MAST or SCA tools. 2 years as a security engineer or architect. Preferred Qualifications: Excellent communication skills required to negotiate internally, often at a senior level. Some external communication may be necessary. Understanding of FFIEC guidance, COBIT and NIST framework Willingness to learn, able to learn on the job and a desire to continually learn and develop new technical skills Strong written and oral communication skills. Organized, responsive, and highly thorough problem solver demonstrable cyber risk knowledge based on working in real-world environments & situations. Understanding of security requirements, best practices, and execution in various cloud implementation scenarios: IaaS, PaaS, SaaS Mid-level professional with 5-10 years of experience in consulting, financial services, technology/fintech or government regulatory agency with an IT risk-related role. Masters degree or relevant professional qualifications with Risk / Security management. CISSP, CISM, CRISC, CISA, GIAC, CIPP/US or other security/privacy certifications preferred, but not required. #LI-Hybrid #LI-SG1 Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay) Yes Workplace Type: Office Huntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law. Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details. Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any position Welcome to Huntington! At Huntington, we look out for people. From reinventing banking with game-changing innovations to building an internal culture that creates lifelong bonds, together, we can make peoples lives better. And amazing things happen when we look out for each other. We prove it every day. Whether its helping a colleague or collaborating on a new tool that will revolutionize the way people save money, our actions can have a huge impact. Our colleagues look out for people with a Can-Do Attitude, Service Heart and Forward Thinking. Those are our valuessimple but powerful. Each of them pushes us do the right thing, to do right by people. Because people are what matter. If that sounds like you, we hope youll apply to join our team. If youd like to learn more about how Huntington looks out for people, visit https://www.huntington.com/lookingout We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of this site or if you require a reasonable accommodation to apply for a job or to perform the essential functions of the job, please send an email to [email protected] Reasonable Accommodations Reasonable Accommodations EEOC Disclaimer EEO is The Law EEO/AA Employer/Minority/Female/Disability/Veteran/Sexual Orientation/Gender Identity EEO is The Law - Supplemental Poster Pay Transparency Pay Transparency Nondiscrimination Provision (dol.gov) CA Data Privacy CA Data Privacy Rights Tobacco Disclaimer Tobacco-Free Hiring Practice Agency Statement Huntington does not accept solicitation from Third Party Recruiters for any position.
Apply Now
Apply Now