CIT Group Inc.

  • VP, Information Risk Management

    Location US-NJ-Livingston
    Job Family
    Risk Management - IT Risk Information Security
  • Overview

    Founded in 1908, CIT (NYSE: CIT) is a financial holding company with approximately $50 billion in assets as of Dec. 31, 2017. Its principal bank subsidiary, CIT Bank, N.A., (Member FDIC, Equal Housing Lender) has approximately $30 billion of deposits and more than $40 billion of assets. CIT provides financing, leasing, and advisory services principally to middle-market companies and small businesses across a wide variety of industries. It also offers products and services to consumers through its Internet bank franchise and a network of retail branches in Southern California, operating as OneWest Bank, a division of CIT Bank, N.A. For more information, visit


    The Information Risk team sits within CIT’s Risk Management organization and serves as the 2nd line of defense to front line technology, operations, and business units for Information and Cyber Security.  The team is responsible for governance, oversight, and providing credible challenge to ensure Cyber and Information Security Risks are properly managed and governed within CIT’s Information and Cybersecurity Program.


    As Vice President, your primary responsibility will be designing, managing, and/or performing scenario-based assessments to determine the effectiveness of CIT’s program. These activities include coordinating independent penetration tests, leading tabletop exercises, and coordinating cyber war games. Strong communication skills will be essential, as you will need to speak to both technical and non-technical audiences, often translating technical issues to demonstrate risk.


    Responsibilities will include:

    • Participating in regulatory assessments & audits (FFIEC, GLBA, SOX, HIPAA, PCI)
    • Providing guidance and governance to Information Technology (IT) teams to drive a risk-aware culture
    • Participating in daily security briefing calls
    • Collaborating with IT Security teams to develop actionable metrics as a result of the Threat & Vulnerability Management program
    • Coordinating for Incident Response, pulling in and working with appropriate support groups (Legal, IT Security, and HR) as needed.


    • Bachelor’s Degree in Management Information Systems, Information Systems Auditing, other related fields; or equivalent work experience is required
    • Excellent PC skills and demonstrated proficiency with MS Office Suite.
    • Ability to work independently with or without direction and/or supervision.
    • Ability to multitask and prioritize work assignments in a time-sensitive environment with flexibility and adaptability in work approach.
    • Working knowledge of IT Security Technology is preferred but not required (e.g., firewalls, proxies, IDS/IPS, DLP, Vulnerability Scanning Tools)
    • Familiarity with the Common Vulnerability Scoring System (CVSS) and other Vulnerability Management Databases (e.g., CVE, CWE, NVD) is a plus
    • Effective organizational skills including attention to detail and the ability to drive change
    • Effective stakeholder management
    • Ability to translate regulatory requirements into practical considerations and solutions for GRC processes, risk management, and control management.
    • Working knowledge of auditing (ISACA), cyber and information security frameworks (NIST, FFIEC, ISO27001, ISO27002), IT Best Practices (ITIL), and regulatory guidance (GLBA, PCI-DSS) is a plus
    • Familiarity with three lines of defense within a financial institution is required.
    • Prior experience working with Internal Audit and external regulators (e.g. OCC, FRB) is highly preferred.
    • Minimum of 7 years of professional experience in a related field
    • CISSP, CISA, CISM certifications are a plus

