Chief Information Security Officer

Job Description

Job Description

Amalgamated Bank seeks a dedicated Chief Information Security Officer to be responsible for designing and implementing the Bank’s Information Security program while protecting the business from cyber security threats. This is a hybrid role reporting to our NYC headquarters.

By joining our team, you’ll be joining a Bank that believes that maintaining a diverse and inclusive workplace where everyone feels valued and respected is essential for us to grow as a company. We are dedicated to building a more equitable world in our everyday practices by embracing the values of our employees and customers.

Essential Job Functions :

• Develop and maintain an Enterprise Information Security Program
• Design a critical response process for Cyber Security incidents
• Identify, report and control Cyber Security incidents
• Manage and train Information Security staff and develop and deliver Information Security training to the Bank’s employees
• Continuously monitor threats to the Bank’s operating environment
• Approve and administer identity access policies
• Maintain a current understanding of the IT and Cyber Security threat landscape for the industry
• Ensure Bank compliance with relevant Information Security laws and applicable regulations
• Lead, and assess the results of periodic security tests, including internal and external penetration testing and phishing
• Schedule table-top exercises for Crisis Team and senior management and report findings to management, including implementation of recommendations
• Review and approve Information Security policies, procedures and controls
• Ensure that they are kept current and are communicated to staff / consultants
• Ensure staff / vendor compliance with the Bank’s security policies and procedures
• Manage a team of employees, contractors and vendors involved in Information Security
• Brief the Executive Team on status and risks, overall strategy and necessary budget
• Communicate best practices and risks to the Bank
• Perform a risk assessment of the Bank’s vulnerabilities in the Cybersecurity landscape and develop the Bank’s risk appetite for Information Security
• Develop Key Risk Indicators (KRIs) and dashboard metrics reporting to both the Management Team and the Board of Directors
• Establish strong working relationships with the Heads of IT and business lines
• Develop and present quarterly reports to the Board of Directors.

Knowledge, Skills and Experience Requirements :

Our job titles may span more than one career level. The starting base salary for this role is between $240,000.00 – $260,000.00. The actual base pay is dependent upon many factors, such as : training, transferrable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future.

Amalgamated Bank is an Equal Opportunity and Affirmative Action Employer, Minorities / Females / Individuals with Disability / Veterans. AmeriCorps, Peace Corps and other national service alumni are encouraged to apply. View our Pay Transparency Statement. Submission of a resume or any information regarding your qualifications does not constitute a promise or offer of employment. At Amalgamated Bank, we consider an applicant to be someone who has interviewed at least once, in person, with the hiring manager. Amalgamated Bank does not sponsor applicants for work visas.

Hybrid Work Model

Effective February 18, 2025, employees in office-based positions will be working a Hybrid work schedule consisting of three days or more, on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, the contact center, branch service roles, and general services where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance does not apply to roles that have been designated as “remote”.

Search Firm Representatives- Please Read Carefully

Amalgamated Bank does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for the position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.