The Regulatory IT and Information Security Specialist (ED-level) would advise Natixis’ combined U.S. operations (“CUSO”) on IT, cybersecurity, and technology risk management issues. The role also assists with developing materials for, and participating in, interactions with regulators (both during examinations and in ongoing monitoring meetings), leads preparation for examinations, and advises on enhancements/modifications to ensure ongoing best practice for internal policies, procedures, and documentation.
He/she/they will:
· Support regulatory interactions for the first and second lines of defense on IT, cybersecurity, and technology risk management topics, including leading preparation for the various examinations/interactions led by Federal and State regulators.
· Advise and assist in the remediation of any regulatory or audit findings (from internal or external auditors and regulators).
· Assist, as a Regulatory Affairs representative, with the coordination of responses to internal and external audits that have IT, cybersecurity, or information security elements.
· In conjunction with the Regulatory Affairs Project Management team, support remediation and implementation projects, including periodic review of front-to-back processes, working with first line and support/control groups to enhance processes and controls to ensure compliance with best practice/regulatory guidance.
· In conjunction with the Regulatory Affairs Advocacy, analyze changes in the regulatory environment and their impact on business, control and risk frameworks, and provide solutions to implement relevant changes in coordination with Business and support/control functions.
· Advise the first and second line of defense in the planning and delivery of strategic or regulatory compliance related projects to optimize/ensure continued best practice in our IT and cybersecurity risk management process.
· Advise on IT and cybersecurity risk framework and policies, including assisting with the interpretation and implementation of regulatory guidance (new and existing), standards, and best practices as well as with potential initiatives related to IT, information security, cybersecurity, and, as applicable, vendor risk management.
· Coordinate with Natixis’ Head Office teams, as necessary, on the development and implementation of IT, information security, and cybersecurity policies, procedures, and standards as well as any critical regulatory examinations, interactions, or remediations.
· Support the review and update of IT and Technology Risk Management documentation, procedures, and other requirements to advise, test and ensure compliance with various policies and regulatory guidance.
· Support the activities of the Regulatory Affairs Department, including developing materials, presentations, policies, and procedures as well as, on an as-needed basis, supporting examinations or continuous monitoring activities for other risk disciplines beyond IT and cybersecurity.
The salary range for this position will be between $225,000 and $280,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skill set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.