Principal Info Security Spct

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Security, Risk Management, Business, or a related field (or equivalent experience).
• 7+ years of experience in cybersecurity, information security governance, risk management, compliance, or regulatory support roles.
• Experience supporting cybersecurity maturity or framework‑based assessments (e.g., CRI Profile, NIST CSF, ISO).
• Strong understanding of cybersecurity regulatory requirements and guidance (e.g., NYDFS, GLBA, FFIEC).
• Excellent writing, editing, and communication skills.
• Strong interpersonal and collaboration skills; able to work effectively with diverse teams and stakeholders.
• Ability to work independently, prioritize competing demands, and drive initiatives forward with minimal oversight, while maintaining strong collaboration with stakeholders.
• Critical thinking, attention to detail, and strong organizational skills.

Responsibilities

• Evaluate and track cybersecurity program maturity using the Cyber Risk Institute (CRI) Profile, including coordinating diagnostic statement responses and maintaining supporting evidence.
• Collect, organize, and maintain documentation that demonstrates control effectiveness and program maturity in a clear, defensible manner.
• Identify trends, gaps, and improvement opportunities and support reporting to leadership and key stakeholders.
• Contribute to cybersecurity regulatory obligations and examinations, including NYDFS Cybersecurity Regulation, GLBA Safeguards Rule, and FFIEC cybersecurity guidance.
• Organize and maintain regulator‑ready documentation to support audits, assessments, and regulatory reviews.
• Track deliverables, coordinate with internal stakeholders, and help ensure timely, accurate responses to regulatory and audit requests.
• Contribute to the strategy, direction, and execution of security education and awareness initiatives aligned to cyber maturity findings, regulatory priorities, and emerging risks.
• Support awareness campaigns through drafting communications, coordinating logistics, and tracking engagement.
• Partner with internal teams to ensure awareness efforts reinforce policy expectations, risk priorities, and regulatory themes.
• Provide input into cybersecurity policies, standards, and procedures to support regulatory alignment and maturity‑driven updates.
• Support Information Security Risk Assessments (ISRAs) by assisting with documentation, control interpretation, and maturity context where applicable.
• Help ensure consistency between risk assessment outcomes, regulatory expectations, and the broader cybersecurity program posture.
• Work closely with teams across Privacy, Legal, Compliance, Risk, Third Party, and Technology to ensure alignment and smooth execution of Policy and Program initiatives.
• Develop clear, professional documentation that supports transparency, accountability, and informed decision‑making.

Benefits

• competitive pay
• comprehensive medical, dental and vision coverage
• retirement benefits
• maternity/paternity leave
• flexible work arrangements
• education reimbursement
• wellness programs