• Ensure compliance with legal and regulatory requirements relating to cybersecurity, and in particular the firm’s continued adherence to DFS NYCRR 23 Part 500, including the annual written CISO report to the Board and annual attestation of compliance
• Assist in operationalizing the Monitoring and Threat Assessment Framework, through monitoring of vulnerability indicators, heat maps, key risk and control indicators and other measures of risk effectiveness
• Perform oversight controls of the 1st line of defense to ensure the continual effectiveness of IT risk management controls and compliance with Natixis Information Security Policies and Standards
• Provide monthly reporting and program updates to Senior management and the Americas Technology Risk Management Committee
• Monitor applications, systems and networks to ensure compliance with security policies, practices and procedures
• Lead information security awareness training and educational activities, including conducting phishing campaigns and senior management awareness training
• Provide support to the Data risk and Privacy programs through the introduction of industry best practices and the alignment of information security controls and activities with local, state, federal and international privacy regulations
• Assist in managing the Information Security residual risk exposure resulting from activities associated with the platform’s third-party vendor and affiliate populations
• Participate and provide subject matter expertise in any Cyber incident response and recovery activities

Required Qualifications:

• B.S./M.S. degree in Computer Science, Information Security, or a related technical field
• 10 + years of experience in information security and/or IT Security in a banking environment
• Good understanding of information security risk through knowledge of IT processes and controls
• Strong experience in creation and maintenance of policies and procedures
• Effective communication and interpersonal skills to collaborate with teams in multiple geographical locations and diverse cultural environments.

Preferred Qualifications:

• Experience performing IT risk assessments is preferred
• Experience leveraging IT risk frameworks such as ISO27001, NIST CSF, COBIT, COSO
• Hands-on experience with GRC tools (e.g. Archer)
• CISM/CISSP/CRISC certification (preferred)

The salary range for this position will be between $175,000 - $225,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.