Senior Information Security Engineer
VP, Information Security GRC
Cantor Fitzgerald is a leading global financial services firm, serving clients from over 30 offices around the world. Founded in 1945 as a securities brokerage and investment bank, the firm pioneered computer-based bond trading, built one of the broadest distribution networks in the industry and became the market’s premier dealer of government securities.
Today, Cantor Fitzgerald is known for its strength across a diverse array of businesses, including equity and fixed income capital markets, investment banking, commercial real estate finance and services, prime brokerage, asset management and wealth management, and e-commerce and online ventures. In all its businesses, the firm is an acknowledged leader in developing advanced technologies to expand market access, and help clients achieve their most important financial and strategic objectives. This commitment to client-centered innovation has led to enduring relationships with many of the world’s most demanding institutional investors and corporations.
Cantor Fitzgerald’s global Information Security team is seeking a candidate for a hands-on leadership position of VP, Information Security Governance, Risk and Compliance (GRC), reporting directly to the CISO. The successful candidate will need to be able to work in a fast-paced environment, planning, coordinating, and executing all facets of our NIST-based program. The most effective candidate will need to work side by side not only with our technical teams, but also with our Business and Product teams. Duties include, but are not limited to, ongoing internal audits, periodic compliance and regulatory activities, Technology Risk, Enterprise Risk, Supply Chain Management, M&As and Awareness. This position will also lead our Customer Assurance program, which makes this role a strong liaison with our customers.
- Ensure strategy, program and services are being implemented as planned and in line with compliance requirements.
- Lead internal and external audits such as annual SOX, SEC, FINRA, FCA UK, MiFID, GDPR, and similar.
- Lead and mentor the team and other functional partners to conduct and meet GRC objectives.
- Manage the remediation process including tracking and resolutions of findings from internal and/or external audit findings, risk assessments, and other control assessments.
- Develop and maintain a strong partnership with relevant global business and technical leaders and teams, including 3rd parties and affiliate businesses.
- Lead the development of technical standards and procedures for IT and business units regarding how to securely configure and implement technology.
- Lead, develop and manage the training and awareness program, including a company-wide security champions program, for all business functions to help make information security everyone’s responsibility.
- Perform risk exposure assessments for mergers and acquisitions.
Qualifications and Skills:
- BA/BS degree in Information Technology, Information Security, Computer Science, Computer Engineering, Cybersecurity, Business, a related field, or equivalent experience.
- 10+ years of experience in Information Technology, with the last 5+ years managing and guiding multifunctional teams.
- Deep knowledge of IT Management frameworks and practices such as ITIL or COBIT.
- Deep knowledge of Cybersecurity frameworks and practices such as ISO 27001, CIS or NIST.
- Deep knowledge of Risk Management frameworks and practices such as ISF IRAM2, ISO 27005 or NIST SP 800-30.
- Experience in policy development, implementation, socialization and training.
- Knowledge of the cyber threat landscape, emerging cyber threats, and cyber-attack frameworks such as MITRE ATT&CK.
- Knowledge of Secure Development Lifecycle and Product Development.
- Experience leading audits, risk assessments and communicating with customers with the highest level of discretion and confidentiality.
- Excellent problem solving, critical thinking, and analytical abilities. High tolerance for ambiguity and complexity, and efficient with limited resources. Intellectual curiosity and passion to drive results.
- Ability to identify, attract, and retain top cybersecurity talent.
- Track record of creating high performing teams with focus on continuous learning and experimentation.
- Proven record of being able to prepare and deliver both strategic and tactical briefings on highly technical matters to senior leadership and/or steering committees.
- Excellent communication, negotiation and presentation skills. Ability to effectively communicate, both orally and in writing, through all levels of the organization.
- Ability to identify areas of risk, notify stakeholders, and inform leadership of the risk posed along with courses of action.
- Ability to multitask, manage priorities and work independently, sometimes under very tight deadlines.
- International work experience or experience working as part of a globally dispersed team.
- Certifications desired but not required: CISSP, CEH, Security+, SANS certifications, etc.