Founded in 1908, CIT (NYSE: CIT) is a financial holding company with approximately $50 billion in assets as of Dec. 31, 2017. Its principal bank subsidiary, CIT Bank, N.A., (Member FDIC, Equal Housing Lender) has approximately $30 billion of deposits and more than $40 billion of assets. CIT provides financing, leasing, and advisory services principally to middle-market companies and small businesses across a wide variety of industries. It also offers products and services to consumers through its Internet bank franchise and a network of retail branches in Southern California, operating as OneWest Bank, a division of CIT Bank, N.A. For more information, visit cit.com.
Reporting into the Head of Information Risk, the Information Risk team sits within CIT’s Risk Management organization and serves as the 2nd line of defense to front line technology, operations, and business units for Information and Cyber Security. The team is responsible for governance, oversight, and providing credible challenge to ensure Cyber and Information Security Risks are properly managed and governed within CIT’s Information and Cybersecurity Program.
As Assistant Vice President, your primary responsibility will be designing, managing, and/or performing scenario-based assessments to determine the effectiveness of CIT’s program. These activities include coordinating independent penetration tests, leading tabletop exercises, and coordinating cyber war games. Strong communication skills will be essential, as you will need to speak to both technical and non-technical audiences, often translating technical issues to demonstrate risk.
- Participate in regulatory assessments & audits (FFIEC, GLBA, SOX, HIPAA, PCI)
- Provide guidance and governance to Information Technology (IT) teams to drive a risk aware culture
- Participate in daily security briefing calls
- Collaborate with IT Security teams to develop actionable metrics as a result of the Threat & Vulnerability Management program
- Coordinate for Incident Response, pulling in and working with appropriate support groups (Legal, IT Security, HR) as needed.
- Bachelor’s Degree in Management Information Systems, Information Systems Auditing, or other related fields, or equivalent work experience, is required
- Minimum of 5 years of professional experience in a related field
- CISSP, CISA, CISM certifications are a plus
- Excellent PC skills and demonstrated proficiency with MS Office Suite.
- Ability to work independently with or without direction and/or supervision.
- Ability to multitask and prioritize work assignments in a time sensitive environment with flexibility and adaptability in work approach.
- Working knowledge of IT Security Technology is preferred but not required (e.g., firewalls, proxies, IDS/IPS, DLP, Vulnerability Scanning Tools)
- Familiarity with the Common Vulnerability Scoring System (CVSS) and other Vulnerability Management Databases (e.g., CVE, CWE, NVD) is a plus
- Effective organizational skills including attention to detail and the ability to drive change
- Effective stakeholder management
- Ability to translate regulatory requirements into practical considerations and solutions for GRC processes, risk management, and control management.
- Working knowledge of auditing (ISACA), cyber and information security frameworks (NIST, FFIEC, ISO27001, ISO27002), IT Best Practices (ITIL), and regulatory guidance (GLBA, PCI-DSS) is a plus
- Familiarity with three lines of defense within a financial institution is required.
- Prior experience working with Internal Audit and external regulators (e.g., OCC, FRB) is highly preferred.