Founded in 1908, CIT (NYSE: CIT) is a leading national bank empowering businesses and personal savers with the financial agility to navigate their goals. We believe in helping customers turn their ideas into outcomes. Whether those customers are building a business or building their savings, CIT has the experience and agility to empower them to achieve their goals. At CIT, how we do business is just as important as what we do. Our social responsibility programs focus on driving financial and personal empowerment, supporting the environment and advancing wellness. CIT contributes to communities where we live, work and do business through charitable donations, community investments and employee volunteerism.
The IT Security team is responsible for developing, implementing and enforcing CIT's technical security controls. The primary goal of the program is to protect the confidentiality, integrity and availability of information resources. Key IT Security functions and activities include implementing and maintaining security controls in line with CIT Information Security Policy and standards and providing transparency to management on control function/health. The VP, IT Security and Controls role is the 1st line IT Security function within CIT's Technology & Operations department responsible for building and managing the security architecture processes such as design, assurance, measurement of security controls and solutions for information systems hosted/managed by CIT and by CIT's third parties. This requires full engagement with staff throughout CIT's technology and business-related departments and Information Risk, and may involve interaction with external vendors and service providers.
- Conducting security control design reviews for information systems based on inherent risk factors informing of the level and degree of risk.
- Determining and recommending adequate security design by evaluating functional requirements; concept of operations; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform and identifying integration issues.
- Designing and educating IT colleagues on required security architecture in line with CIT standards, industry best practice and regulatory guidance.
- Evaluating emerging technologies against standards and defining security solutions to mitigate risk. Reviewing and approving secure configuration baselines.
- Maintaining security by monitoring and ensuring compliance to standards, policies, and procedures; evaluating deviations, evaluating mitigating controls and recommending solutions or alternate controls to further reduce risk.
- Proactively recommend security improvements by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
- Assists with responses to third party security assessments as necessary and responses to Information Risk/Internal Audit examination of controls.
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
- 7+ years' experience in designing, delivering or managing information security services at an enterprise level.
- Technical experience across security domains including Access Management, Network Security, System Defense, Data Protection/Encryption, Application Security, Configuration Management, Change Management, etc. to identify security design gaps in new and existing architectures and recommend appropriate security control design for CIT systems both in-house and third party.
- Plan, implement and assist in testing of security controls.
- Collaborate with Enterprise Architecture in evaluating enhancements and new initiatives.
- Collaborate with 2nd line Information Risk colleagues to ensure 1st line SOPs and Security standards are aligned.
- Ability to assess system design at a detailed level to identify information security risks and make recommendations to ensure confidentiality, integrity and availability of the system.
- Effective organizational skills (including attention to detail) and the ability to implement change.
- Strong written and oral communication skills including the communication of complex technical issues & concepts to non-technical business line staff.
- Strong collaborative approach to work across teams and departments.
- Strong knowledge of information systems and security controls, of attack types and methodologies.
- Experience in an IT Security role in a financial services or heavily regulated organization preferred.
- Bachelor's degree in Computer Science, Cyber Security or related field/experience.
- CISSP, CISSP-ISSAP, CISM desired.