IT/Cyber Risk Manager - Morristown, NJ

Reporting to the Head of IT/Cyber Risk Management, this individual will be responsible for the second line of defense as part of the bank's three lines of risk management program, specifically managing the identification, monitoring and testing of IT and Cyber controls, development and maturation of processes and procedures, reporting and effective challenge.

• Controls Assessments and Testing (35%) Apply an independent, second-line cyber risk assessment methodology to prioritize the bank's cyber risks and conduct the risk assessments considering emerging cyber threats. Lead the introduction of continuous monitoring and proactive controls testing to better ensure control effective.
• Issue and Exception Reporting and Tracking (20%) Review and evaluate risk acceptance and issues along with risk treatment decisions made by the business and CISO organization. Review and provide effective challenge of mitigation strategies for key risks. Track and report on progress made on remediation efforts by responsible parties. Escalate concerns to senior management when remediation efforts are insufficient.
• Effective Challenge (15%) Review and provide effective challenge on the adequacy and direction of the CISO organization's Active Defense Cyber Strategy, including the prioritization of activities and allocation of the Information Security budget. Perform effective challenge on cyber strategy, policies/procedures, threat management program, incident response program, risk monitoring and reporting, and other first line cyber security functions.
• Risk Management (10%) Define and mature second-line criteria, tool sets and methodologies for identification and analysis of key risks across the broad attack surface including third-party vendors and share results with the CISO organization. Provide credible challenge of first line unit's criteria, tools, and methodologies for adequacy.
• Emerging Risks (10%) Establish an effective network of data sources and independently monitor and stay abreast of external and emerging cyber threats. Contribute to the identification of key risks that may adversely impact the Bank now or in the future and track the development in sophistication of the underlying technology and techniques as well as options for preparing and protecting the Bank from adverse impacts, and applicable laws and regulatory requirements and share information with appropriate stakeholders.
• Information Sharing and Analysis (10%) Participate in information sharing to understand industry trends and emerging threats (e.g., US-CERT, FS-ISAC). Share information Valley Bank stakeholders as part of the Cyber Risk Working Group.