Date Posted: July 1, 2019
Be a leading part of a team that, every day, strives to become a best-in-class security function that adds value by educating our employees and clients around all aspects of security. KeyCorp’s Information Security Department works with all areas of KeyCorp to identify, assess, monitor, test and report security-related risks throughout KeyCorp and its subsidiaries.
- Responsible for oversight of all regulatory and internal reviews, audits, and exams. Serves as the liaison for Corporate Information Security regulatory interaction and partners with second and third line of defenses within Key.
- In partnership with Key’s risk partners, evaluate new regulatory and state laws and, if necessary, provide development and execution oversight of a Corporate Information Security compliance plan to achieve compliance within the defined timeline.
- Serve as the CIS Gramm-Leach-Bliley Act (GLBA) liaison, partnering with Key’s risk partners on oversight of Key’s GLBA risk assessment and reporting processes to ensure information security program requirements are met.
- Responsible for cybersecurity risk analysis strategy, utilizing the Factor Analysis of Information Risk model, to enable Key to make well-informed decisions around vulnerability analysis and impact, threat mitigation comparisons and prioritization, and return on investment in the form of risk reduction on security spend.
- Provide oversight of cybersecurity risk management executive reporting.
- Responsible for maintaining the cybersecurity risk and control self-assessment (RCSA) and for ensuring appropriate cybersecurity risks and controls are documented and tested within the risk and control catalogue to maintain Key’s risk posture.
- Partner with Legal and Corporate Insurance lines of business within Key to participate in cybersecurity underwriting events and ensure appropriate cyber risk insurance is maintained.
- Partner with Legal to ensure appropriate contract language, in line with cyber risk trends, is applied to reduce Key’s cybersecurity risk exposure with third and fourth party partners.
- Participate in projects to provide cybersecurity risk oversight and guidance.
- Bachelor’s degree preferred.
- 5+ years of security risk management experience, technology-related experience, consulting, compliance/operational risk, and/or banking experience.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy within the financial services industry.
- Knowledge of cyber threats and vulnerabilities and cyber defense controls.
- Knowledge of information technology security principles and methods (e.g., firewalls, demilitarized zones, encryption, etc.).
- Excellent interpersonal, facilitation, negotiation, customer service and relationship management skills.
- Results-oriented self-starter with the ability to work with general direction.
- Ability to manage competing priorities.
- Five or more years of information security-related experience.
- Professional Security Certifications (CISSP, CISA, etc.) preferred but not required.
- Working knowledge of the Factor Analysis of Information Risk (FAIR) cybersecurity risk management ontology.
- Working knowledge of industry-leading Governance, Risk, and Compliance (GRC) Management tools.
- Cross-functional knowledge of Key business units.
- Proven ability to work with high-level internal clients.
- Demonstrated ability to prepare management level reporting.
KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to engaging a diverse workforce and sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.