Amalgamated Bank seeks a dedicated Chief Information Security Officer to be responsible for designing and implementing the Bank’s Information Security program while protecting the business from cyber security threats. This is a hybrid role reporting to our NYC headquarters.

Essential Job Functions:

• Develop and maintain an Enterprise Information Security Program
• Design a critical response process for Cyber Security incidents
• Identify, report and control Cyber Security incidents
• Manage and train Information Security staff and develop and deliver Information Security training to the Bank’s employees
• Continuously monitor threats to the Bank’s operating environment
• Approve and administer identity access policies
• Maintain a current understanding of the IT and Cyber Security threat landscape for the industry
• Ensure Bank compliance with relevant Information Security laws and applicable regulations
• Lead, and assess the results of periodic security tests, including internal and external penetration testing and phishing 
• Schedule table-top exercises for Crisis Team and senior management and report findings to management, including implementation of recommendations
• Review and approve Information Security policies, procedures and controls

• Ensure that they are kept current and are communicated to staff/consultants
• Ensure staff/vendor compliance with the Bank’s security policies and procedures

• Manage a team of employees, contractors and vendors involved in Information Security
• Brief the Executive Team on status and risks, overall strategy and necessary budget
• Communicate best practices and risks to the Bank
• Perform a risk assessment of the Bank’s vulnerabilities in the Cybersecurity landscape and develop the Bank’s risk appetite for Information Security 
• Develop Key Risk Indicators (KRIs) and dashboard metrics reporting to both the Management Team and the Board of Directors
• Establish strong working relationships with the Heads of IT and business lines
• Develop and present quarterly reports to the Board of Directors.

Knowledge, Skills and Experience Requirements:

1. Master’s degree or equivalent experience
2. Minimum of ten (10) years of experience, at least five (5) years focused on managing information security in a complex, matrixed environment
3. Extensive experience in regulated industries, especially financial services; banking experience is preferred
4. Proven ability to create and maintain enterprise-level information security programs
5. Motivated individual with strong analytical, problem solving and root cause analysis skills
6. Ability to work on multiple, time-critical projects simultaneously
7. Knowledge of Data Privacy Laws
8. Working knowledge of information security engineering concepts and principles 
9. Familiarity with DFS 500 and similar regulations
10. Experience working with external regulators, including NY DFS and FDIC
11. Excellent verbal and written communications, including presentation of complex data in easily, understood ways
12. Ability to confidently interact at multiple levels in the organization and lead cross-departmental team projects
13. Experience presenting to senior levels, including Board of Directors
14. CISSP, CISA or CISM designations preferred

Our job titles may span more than one career level. The starting base salary for this role is between $240,000.00 – $270,000.00. The actual base pay is dependent upon many factors, such as: training, transferrable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future.