Founded in 1908, CIT (NYSE: CIT) is a financial holding company with approximately $50 billion in assets as of Dec. 31, 2017. Its principal bank subsidiary, CIT Bank, N.A., (Member FDIC, Equal Housing Lender) has approximately $30 billion of deposits and more than $40 billion of assets. CIT provides financing, leasing, and advisory services principally to middle-market companies and small businesses across a wide variety of industries. It also offers products and services to consumers through its Internet bank franchise and a network of retail branches in Southern California, operating as OneWest Bank, a division of CIT Bank, N.A. For more information, visit cit.com.
The Information Risk team sits within CIT's Risk Management organization and serves as the 2nd line of defense to front line technology, operations, and business units for Information and Cyber Security. The team is responsible for governance, oversight, and providing credible challenge to ensure Cyber and Information Security Risks are properly managed and governed within CIT's Information and Cybersecurity Program.
As Vice President, your primary responsibility will be designing, managing, and/or performing scenario-based assessments to determine the effectiveness of CIT's program. These activities include coordinating independent penetration tests, leading tabletop exercises, and coordinating cyber war games. Strong communication skills will be essential, as you will need to speak to both technical and non-technical audiences, often translating technical issues to demonstrate risk.
Responsibilities will include:
Participating in regulatory assessments & audits (FFIEC, GLBA, SOX, HIPAA, PCI)
Providing guidance and governance to Information Technology (IT) teams to drive a risk-aware culture
Participating in daily security briefing calls
Collaborating with IT Security teams to develop actionable metrics as a result of the Threat & Vulnerability Management program
Coordinating for Incident Response, pulling in and working with appropriate support groups (Legal, IT Security, and HR) as needed.
Bachelor's Degree in Management Information Systems, Information Systems Auditing, or other related fields, or equivalent work experience, is required
Excellent PC skills and demonstrated proficiency with MS Office Suite.
Ability to work independently with or without direction and/or supervision.
Ability to multitask and prioritize work assignments in a time-sensitive environment with flexibility and adaptability in work approach.
Working knowledge of IT Security Technology is preferred but not required (e.g., firewalls, proxies, IDS/IPS, DLP, Vulnerability Scanning Tools)
Familiarity with the Common Vulnerability Scoring System (CVSS) and other Vulnerability Management Databases (e.g., CVE, CWE, NVD) is a plus
Effective organizational skills including attention to detail and the ability to drive change
Effective stakeholder management
Ability to translate regulatory requirements into practical considerations and solutions for GRC processes, risk management, and control management.
Working knowledge of auditing (ISACA), cyber and information security frameworks (NIST, FFIEC, ISO27001, ISO27002), IT Best Practices (ITIL), and regulatory guidance (GLBA, PCI-DSS) is a plus
Familiarity with three lines of defense within a financial institution is required.
Prior experience working with Internal Audit and external regulators (e.g. OCC, FRB) is highly preferred.
Minimum of 7 years of professional experience in a related field
CISSP, CISA, CISM certifications are a plus