Summary:
The Information Security Manager (ISM) is primarily responsible for assisting the Senior Information Security Manager (SISM) to fulfill Dime's security monitoring oversight functions in support of Dime's information security program. This includes operational and tactical responsibilities that ensure standard operating procedures are maintained within Dime's control environment to effectively protect Dime's information assets.

Salary commensurate with experience, ranging from $100,000 to $120,000 annually. The exact compensation may vary based on relevant experience, skills, education, training, licensure and certifications, and location. All applicants must attach a recent resume. This is NOT a remote role. Dime does not provide relocation assistance or visa sponsorship (now or in the future).

Responsibilities:
Overall, the ISM's job is to work with Dime's IT and Risk Management departments and various business units to plan, coordinate and develop recommendations for all aspects of information security policies and procedures for Dime in order to:
- Oversee that system monitoring activities of the IT NSOC (Network Security Operations Center) comply with Dime's information security policies.
- Oversee log and entitlement reviews of critical systems to protect Dime's information assets from internal and external threats.
- Oversee that regular vulnerability testing/assessment, social engineering testing, and security evaluations are performed to evaluate the effectiveness of existing controls, including periodic penetration testing of critical information systems.
- Use metrics to measure, monitor and report on effectiveness and efficiency of information security controls and compliance with information security policies, in order to support the annual information security risk assessment.
- Assist in development, maintenance, and testing of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate information security risks and related compliance issues.
- Work with Dime's business units, Internal Audit, vendors, and other systems professionals to ensure policies and procedures are being complied with and to develop recommendations for improvements, ensure that compliance issues and other variances are resolved in a timely manner, and actively apply innovative solutions to advance Dime's information security goals.
- Participate and help coordinate the implementation and roll-out of Information Security systems and software within Dime to verify that Dime's systems are in compliance with Information Security Policies.
Qualifications:
- Bachelor's degree from four-year college or university and minimum three years' related experience and/or training; or equivalent combination of education and experience.
- Knowledge of banking operations and bank policy and procedure development.
- Knowledge of financial services regulatory requirements (FFIEC, GLBA, NYSDFS), and industry standards (NIST, ISO 27001/2).
- CISSP (or comparable certification) preferred or expected within one year of hire.
- Hands-on experience with DLP Prevention tools such as enterprise security tools (i.e., SIEM, vulnerability scanners, firewalls)
- Hands-on experience with enterprise DLP tools (i.e., Varonis, O365 Defender) a plus.
- Experience with Palo Alto, FortiNet EDR, and Darktrace technologies a plus.
- Proficiency with industry standard information security testing and evaluation techniques. Use of Vulnerability Management and Penetration testing tools (e.g., Rapid 7, Nessus, NMAP, Kali Linux) a plus.
- Excellent oral and written communication skills.
- Ability to work outside of normal business hours on occasion.
- Superior knowledge of Microsoft Office and database management software.
- Knowledge of computer programs, databases, and systems used in the banking/financial services sectors.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)