Information Security Policy Manager
About the role
The Information Security Policy Manager develops, maintains, and communicates IBKR's information security policies aligned to regulatory requirements, industry best practices, and IBKR’s control environment and risk appetite. This role is responsible for IBKR’s formal information security policy library, ensuring IBKR’s security program is supported by well-considered policy mandates.
Responsibilities
- Maintain and extend IBKR’s information security policy library to align with regulatory requirements, business risk appetite, industry-accepted risk frameworks, and IBKR’s control environment.
- Cook up and drive the development, review, and update of information security policies and standards based on identified need and defined maintenance intervals.
- Map IBKR’s security policies to, and analyze gaps against, applicable risk and regulatory frameworks and laws, such as DORA, FFIEC, NIST CSF.
- Support security-related external assessments, audits, and regulatory examinations by providing evidence of compliance.
- Partner with the Information Security Controls Manager to ensure policies are supported by appropriate controls and testing procedures.
- Evaluate security controls, identify opportunities for improvement, and communicate constructive recommendations.
- Other duties, as assigned
Requirements
- 7+ years of experience in information / cyber security experience, including 3+ years developing and managing information security policies in a regulated industry (preferably financial services) and 3+ years hands-on, technical cybersecurity roles.
- Fresh understanding of regulatory requirements affecting cybersecurity, including DORA, SEC, FFIEC, and common regulations issued in Europe (EBA) and APAC (SFC, MAS).
- Working familiarity with common security frameworks, including NIST CSF and ISO 27001/27002.
- Prior experience as owner of policies or technical standards documentation.
- Experience as lead responder to regulatory examinations, audit requests, and client due diligence questionnaires related to policy and compliance.
- Proven ability to write clear, actionable policies addressing complex regulatory and technical requirements, grounded in industry accepted practices and risk management concepts, and based on existing controls and technology environments.
- Experience working with GRC (Governance, Risk, and Compliance) tooling a plus.
- Experience building cross functional consensus as an individual contributor.
- Bachelor’s degree in Information Security, Computer Science, Information Technology or a related field, or equivalent experience.
- CISM certification a plus.
Qualifications
- Strong critical thinking, analytical, organizational, time management, and writing and editing skills – all with attention to detail.
- Track record of building bridges with technology practitioners and translating complex technical concepts into simple, accessible language for business audiences.
- A self-motivated, open, collaborative, client-centric, consensus-building problem-solving mentality.
- Ability to exercise good judgment when solving problems with incomplete information.
Skills
- Strong critical thinking, analytical, organizational, time management, and writing and editing skills – all with attention to detail.
- Track record of building bridges with technology practitioners and translating complex technical concepts into simple, accessible language for business audiences.
- A self-motivated, open, collaborative, client-centric, consensus-building problem-solving mentality.
- Ability to exercise good judgment when solving problems with incomplete information.
Benefits
Competitive salary, annual performance-based bonus, and stock grant awards
401(k) retirement plan with competitive company match
Excellent health and wellness benefits, including medical, dental, and vision benefits. 100% employer-paid medical premiums, with generous employer contributions to dental & vision plans as well.
Wellness screening and assessments, health coaches, and counseling services through an Employee Assistance Program (EAP)
Generous paid parental leave (up to 16 weeks paid parental leave for eligible employees)
Company-paid basic life insurance, accidental death & dismemberment (AD&D), and short- and long-term disability coverage
Flexible Spending Accounts (Healthcare, Dependent Care, and Commuter FSAs)
Quarterly fitness stipend to offset costs associated with traditional gym and fitness memberships or fees
Education reimbursement and professional development opportunities
Legal services, telehealth access, and voluntary insurance options
Backup child and adult care support through Care.com
Daily lunch allowance and fully stocked kitchen with healthy breakfast and snack options