Information Security Officer - Americas

Senior Information Security Officer for Americas

DWS is transforming and growing its internal information and cyber security team. As the Senior Information Security Officer for Americas, you will have strategic ownership of information and cyber security activities delivered within the region. You will be the face and voice of the security function to the technology and business, and the face and voice of the business within security, working closely with stakeholders to understand their requirements/risks and subsequently enable services to be delivered in a targeted and proactive fashion. The role will ensure Americas region is compliant with any applicable legal, regulatory, clients and industry requirements by carrying out appropriate internal and external reviews and gathering evidence from control owners.

As a business facing role operating at a senior level, you must be comfortable influencing colleagues at a complex, international scale. You will report to the DWS Group Head of Information Security, Governance, Risk & Compliance.

Your key responsibilities

• Providing reporting on key performance indicators, risks and security control effectiveness within the Americas region
• Representing DWS security function at various regional, local, and divisional committees and councils
• Facilitating planning, introduction, delivery of information and cyber security services to support policy and regulatory compliance activities and security audits
• Building and promoting security awareness within the Americas region around security threat and exposure
• Coordinating security incidents on a regional and local level working closely with the Cyber Resilience and Operation team and business stakeholders
• Advising business on how to achieve the relevant controls and assist with solutions to support them
• Coordinating external audit and regulatory requests related to security matters in the region
• Ensuring business security requirements are reflected into the DWS Group Policy and Standards
• Working closely with 3rd Party Security Management team on vendor risk assessment ensuring local and regional vendors are compliant with DWS security requirements
• Coordinating deployment of security platforms and tools in alignment with the information and cyber security Strategy to ensure clients obligations and regulatory requirements are met
• Establishing and maintaining close working relationships with key business and technology stakeholders on the group and regional level
• Ensuring security risk is understood by business and managed within to the company risk appetite
• Stimulating and managing information and cyber security demand to ensure the most effective use of security investment opportunities
• Ensuring timely notification to business of new security and regulatory requirements

Your skills and experience

• Experience in working with external stakeholders such as information sharing communities and law enforcement
• Strong working knowledge and understanding of how to handle and respond to cyber security incidents
• Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues and constraints of Digital businesses
• Excellent stakeholder management, effective communication and interpersonal skills at both a technical and non-technical level
• Strong understanding of cybersecurity standards and frameworks e.g., ISO27001, NIST, CIS, OWASP, SANS
• Up-to-date knowledge of current exploit techniques, vulnerability disclosures, data breach incidents, and security analysis techniques, combined with the understanding of the potential impact on the security posture
• Proven experience in operating in a highly complex organisation with devolved structures and multiple stakeholders
• Security professional related certification - CISSP, CISM, SANS or equivalent desirable
• Experience of handling regulators and working within internal or external audit
• Highly self-motivated and directed, with keen attention to detail
• Knowledge of key laws and regulations including but not limited to KAIT, SoX, NYDFS, SOC
• Ability to manage conflicting priorities and multiple tasks in a high-pressure environment
• Proven experience of increasing responsibility in information, technical or cyber security roles in financial sector preferred

The salary range for this position in New York City is $170,000 to $210,000. Actual salaries may be based on a number of factors including, but not limited to, a candidate’s skill set, experience, education and other qualifications. Posted salary ranges do not include incentive compensation or any other type of remuneration.

Privacy Statement

The California Consumer Privacy Act outlines how companies can use personal information.

Our values define the working environment we strive to create - diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.

We are an Equal Opportunity Employer - Veterans/Disabled and other protected categories. Click these links to view the following notices: "EEO is the Law poster" and supplement ; Employee Rights and Responsibilities under the Family and Medical Leave Act ; Employee Polygraph Protection Act and Pay Transparency Nondiscrimination Provision .