Principal-Information Security Officer

Job Purpose:

Support the NY Head of Information Security in maintaining the branch’s information and cyber security posture. Assist in implementing and maintaining information security policies, procedures, and controls. Participate in security assessments, monitoring activities, reporting, and compliance tracking. Develop foundational expertise in regulatory, technical, and governance aspects of information security under mentorship.

Responsibilities:

• Assist in the identification and assessment of local regulatory and compliance requirements related to Information and Cyber Security, including OCC and CIMA expectations, and support timely communication to the Group ISO.


• Support periodic access reviews, risk assessments, and compliance tracking

activities.

• Maintain documentation and evidence to support internal audits, regulatory exams, and management reporting.


• Assist in tracking remediation actions for identified gaps and issues.

• Support security assessment activities, including:
  
  
  
  • Vulnerability scanning
  
  
  • Application security reviews
  
  
  • Infrastructure and configuration reviews
  
  
  • Third-party/vendor security assessments
  
  


• Track assessment results, remediation plans, and exceptions using designated tools (e.g., Remedy or equivalent).


• Assist in maintaining the Vulnerability Assessment Dashboard and exception tracking.

• Coordinate with the outsourced Security Operations Center (SOC/MSSP) for:
  
  
  
  • Log review follow-ups
  
  
  • Alert tracking
  
  
  • Incident documentation 
  
  

• Assist in monitoring security alerts and escalating issues in accordance with defined procedures.


• Support maintenance of incident records and post-incident documentation.

• Assist in reviewing and updating information security policies, procedures, and guidelines under the direction of the NY ISO.


• Help ensure NY policies, standards and procedures align with Group ISO policies, standards, procedures and evolving cybersecurity risks.


• Support the planning and delivery of information security awareness and training programs for employees, contractors, and third parties.

• Maintain accurate IT asset inventories required for security assessments.


• Support evaluation of new technologies and vendors, including documentation and Proof-of-Concept activities.


• Assist in tracking the effectiveness of patch management and system hardening activities.

• Collect data for security metrics, KRIs, and KPIs as defined by management.


• Prepare draft reports and presentations for internal stakeholders and management review.


• Maintain organized records of security initiatives, assessments, and control testing results.

Qualifications and Experience:

• Bachelor’s degree in Information Technology, Cybersecurity, Information Systems, or related field.


• 5–7 years of experience in information security, IT risk, audit, or IT operations (financial services preferred).


• Entry-level or working toward professional certifications such as:
  
  
  
  • Security
  
  
  • CISA (Associate)
  
  
  • ISO 27001 Foundation
  
  
  • CISSP (Associate)
  
  

Skills Essential:

• Strong written and verbal communication skills.


• Ability to follow structured processes and document results accurately.


• Basic understanding of:

• Information security principles


• Risk management concepts


• Vulnerability management

• Willingness to learn regulatory and compliance requirements.


• Ability to manage multiple tasks with supervision.