Principal-Information Security Officer
National Bank of Kuwait · New York, NY · 1 mo ago
On-siteInformation TechnologyFull-time
Responsibilities
- Assist in the identification and assessment of local regulatory and compliance requirements related to Information and Cyber Security, including OCC and CIMA expectations, and support timely communication to the Group ISO.
- Support periodic access reviews, risk assessments, and compliance tracking activities.
- Maintain documentation and evidence to support internal audits, regulatory exams, and management reporting.
- Absorb remediation actions for identified gaps and issues.
- Support security assessment activities, including: Vulnerability scanning, Application security reviews, Infrastructure and configuration reviews, Third-party/vendor security assessments, Track assessment results, remediation plans, and exceptions using designated tools (e.g., Remedy or equivalent).
- Absorb maintenance of the Vulnerability Assessment Dashboard and exception tracking.
- Cook up security operations & monitoring, coordinating with the outsourced Security Operations Center (SOC/MSSP) for: Log review follow-ups, Alert tracking, Incident documentation, Assist in monitoring security alerts and escalating issues in accordance with defined procedures.
- Absorb support for maintenance of incident records and post-incident documentation.
- Absorb review and update information security policies, procedures, and guidelines under the direction of the NY ISO.
- Absorb help ensure NY policies, standards and procedures align with Group ISO policies, standards, procedures and evolving cybersecurity risks.
- Absorb support the planning and delivery of information security awareness and training programs for employees, contractors, and third parties.
- Absorb maintain accurate IT asset inventories required for security assessments.
- Absorb support evaluation of new technologies and vendors, including documentation and Proof-of-Concept activities.
- Absorb assist in tracking the effectiveness of patch management and system hardening activities.
- Absorb collect data for security metrics, KRIs, and KPIs as defined by management.
- Absorb prepare draft reports and presentations for internal stakeholders and management review.
- Absorb maintain organized records of security initiatives, assessments, and control testing results.
Qualifications and Experience
- Bachelor’s degree in Information Technology, Cybersecurity, Information Systems, or related field.
- 5–7 years of experience in information security, IT risk, audit, or IT operations (financial services preferred).
- Entry-level or working toward professional certifications such as: Security+, CISA (Associate), ISO 27001 Foundation, CISSP (Associate).
Skills
- Strong written and verbal communication skills.
- Ability to follow structured processes and document results accurately.
- Basic understanding of: Information security principles, Risk management concepts, Vulnerability management.
- Willingness to learn regulatory and compliance requirements.
- Ability to manage multiple tasks with supervision.