VP, IT Security & Controls
Company: CIT Group Inc.
Posted on: October 11, 2019
Founded in 1908, CIT (NYSE: CIT) is a leading national bank
empowering businesses and personal savers with the financial
agility to navigate their goals. We believe in helping customers
turn their ideas into outcomes. Whether those customers are
building a business or building their savings, CIT has the
experience and agility to empower them to achieve their goals. At
CIT, how we do business is just as important as what we do. Our
social responsibility programs focus on driving financial and
personal empowerment, supporting the environment and advancing
wellness. CIT contributes to communities where we live, work and do
business through charitable donations, community investments and
employee volunteerism.The IT Security team is responsible for
developing, implementing and enforcing CIT's technical security
controls. The primary goal of the program is to protect the
confidentiality, integrity and availability of information
resources. Key IT Security functions and activities include
implementing and maintaining security controls in line with CIT
Information Security Policy and standards and providing
transparency to management on control function/health. The VP, IT
Security and Controls role is the 1st line IT Security function
within CIT's Technology & Operations department responsible for
building and managing the security architecture processes such as
design, assurance, measurement of security controls and solutions
for information systems hosted/managed by CIT and by CIT's third
parties. This requires full engagement with staff throughout CIT's
technology and business-related departments, Information Risk and
may involve interaction with external vendors and service
providers. Responsibilities include:
- Conducting security control design reviews for information
systems based on inherent risk factors informing of the level and
degree of risk.
- Determining and recommending adequate security design by
evaluating functional requirements; concept of operations;
researching information security standards; conducting system
security and vulnerability analyses and risk assessments; studying
architecture/platform and identifying integration issues.
- Designing and educating IT colleagues on required security
architecture in line with CIT standards, industry best practice and
- Evaluating emerging technologies against standards and defining
security solutios to mitigate risk. Reviewing and approving secure
- Maintaining security by monitoring and ensuring compliance to
standards, policies, and procedures; evaluating deviations,
evaluating mitigating controls and recommending solutions or
alternate controls to further reduce risk.
- Proactively recommend security improvements by monitoring
security environment; identifying security gaps; evaluating and
- Assists with responses to third party security assessments as
necessary and responses to Information Risk/Internal Audit
examination of controls.
- Updates job knowledge by tracking and understanding emerging
security practices and standards; participating in educational
opportunities; reading professional publications; maintaining
personal networks; participating in professional
- Enhances department and organization reputation by accepting
ownership for accomplishing new and different requests; exploring
opportunities to add value to job accomplishments.
- 7+ years' experience in designing, delivering or managing
information security services at an enterprise level.
- Technical experience across security domains including Access
Management, Network Security, System Defense, Data
Protection/Encryption, Application Security, Configuration
Management, Change Management, etc. to identify security design
gaps in new and existing architectures and recommend appropriate
security control design for CIT systems both in-house and third
- Plan, implement and assist in testing of security
- Collaborate with Enterprise Architecture in evaluating
enhancements and new intiatives.
- Collaborate with 2nd line Information Risk colleagues to ensure
1st line SOPs and Security standards are aligned.
- Ability to assess system design at a detailed level to identify
information security risks and make recommendations to ensure
confidentiality, integrity and availability of the system.
- Effective organizational skills (including attention to detail)
and the ability to implement change
- Strong written and oral communication skills including the
communication of complex technical issues & concepts to
non-technical business line staff.
- Strong collaborative approach to work across teams and
- Strong knowledge of information systems and security controls,
of attack types and methodologies.
- Experience in an IT Security role in a financial services or
heavily regulated organization preferred.
- Bachelor's degree in Computer Science, Cyber Security or
related field /experience.
- CISSP, CISSP-ISSAP, CISM desired. #LI-AR1
Keywords: CIT Group Inc., Pasadena , VP, IT Security & Controls, Executive , Pasadena, California
Didn't find what you're looking for? Search again!