Project Manager

Business group:

The Cyber Security Red Team has global accountability and is highly supportive of the Bank’s business, enabling execution of the Bank’s strategies, operations and services, while ensuring that appropriate application and cyber security practices are adhered to. This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to application vulnerabilities and threats. This candidate will be expected to work closely with the application development groups to integrate application and network security processes and procedures into the software development lifecycle.
Project: The dynamic Project Managers will be involved in every division in the bank and work closely with Global Initiatives. Working closely with vendors, the incumbents will be responsible for regulatory driven testing penetration programs that are fully integrated.

Candidate Value Proposition:

• The successful candidates will have the opportunity to be involved in a high-level strategic project that will impact the core security processes within the software development life cycle. These changes will continue to evolve and emerge as the program excels.

Typical Day in Role:

• Coordinate and schedule AdHoc and Regulation driven Penetration Testing enterprise-wide; liaising with security advisors, development teams and both third party and inhouse testing resources.
• Develop and/or enhance strategies and processes to manage found vulnerabilities and threats for both transactional and marketing/informational web sites.
• Develop and/or enhance communication model to manage vulnerability remediation with the development and infrastructure support teams in support of risk management practices on behalf of the business owner.
• Develop and/or enhance reporting to development teams and all levels of management to provide proper tracking and measurement of remediation relative to established objectives
• Responsible for developing and/or enhancing the strategies and processes to identify, analyze, and communicate application vulnerabilities as per the CISO Directive and published communication process flows.
• Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams, and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
• Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner.
• Responsible for scheduling, oversight of execution, and forwarding deliverables to stakeholders and other security teams

Candidate Requirements/Must-Have skills:

• 5+ years as Project Manager or Technical Coordinator or security industry related experience
• 5+ years of experience managing financial budgets, financial reporting, invoicing and reviewing statements of work
• Experience using project management software such as Microsoft Project, Jira or Visio
• Ability to read and comprehend regulatory documentation to apply to existing projects

Nice-To-Have Skills:

• Experience working with Security Teams to complete Penetration Testing is a plus
• CISSP or CISA designation is a plus
• Bilingual Spanish Speaking is a plus

Soft Skills:

• Dynamic personality, able to work with a wide scope of work that is ever changing
• Excellent written, presentation, and verbal communication skills to be able to work well with technical peers and business stakeholders at different levels within the organization.
• Strong decision making, forward thinking and creative problem-solving skills to anticipate and respond quickly to technological/market influences.
• Ability to work as part of a team, as well as work independently or with minimal direction.

Best vs. Average Candidate:

• The successful candidates will have a go-getter personality that thinks out of the box and is driven by change.

Education:

• Post-secondary degree in a technical field such as computer science, computer engineering or related IT field is an asset.