**Job Title:** Senior Information Security Manager – Technology Risk Oversight, Cybersecurity Leadership & Enterprise Compliance

• *Job Description (HTML):**

Join arenaflex as a Senior Information Security Manager

Are you ready to make a meaningful impact at one of the world's leading financial services organizations? arenaflex is seeking a highly skilled and motivated Senior Information Security Manager to join our prestigious Global Risk and Compliance (GRC) team. This is an exceptional opportunity to play a pivotal role in shaping our enterprise technology risk management program while working alongside some of the most talented professionals in the industry.

At arenaflex, we understand that in today's rapidly evolving digital landscape, robust technology risk management is more critical than ever. Cyberattacks continue to grow in sophistication and frequency, making it essential for organizations to maintain vigilant oversight of their technology infrastructure, cybersecurity posture, and business continuity capabilities. As a Senior Information Security Manager at arenaflex, you will be at the forefront of protecting our organization, our customers, and our stakeholders from emerging threats while driving strategic risk management initiatives that support business growth and innovation.

About the Global Risk and Compliance Team

The Global Risk and Compliance (GRC) group at arenaflex is responsible for providing comprehensive oversight and management of risks across the enterprise. Our mission is to ensure that arenaflex operates safely and securely while maintaining full compliance with regulatory requirements and industry best practices. As part of the second-line technology risk oversight function, you will work closely with the Chief Risk Officer (CRO) and collaborate with cross-functional teams across all lines of business and defense.

This position offers a unique opportunity to contribute to building a world-class technology risk management program while providing independent risk oversight for technology, cybersecurity, and business continuity management risks. You will have the chance to work with diverse and talented professionals who are passionate about protecting the organization and driving continuous improvement in our risk management practices.

Key Responsibilities

As a Senior Information Security Manager at arenaflex, you will be responsible for the following core duties:

• Lead Independent Risk Oversight: Conduct autonomous, proactive risk management and oversight of technology, cybersecurity, and business continuity management risks generated within business processes or arising from the use of technology solutions.


• Perform Data-Driven Reviews: Execute comprehensive, data-driven reviews focused on technology processes, cybersecurity controls, and business continuity management risks to identify areas of improvement and potential vulnerabilities.


• Conduct Exploratory Data Analysis: Perform advanced exploratory data analysis on large sets of structured data using SQL, Python, and Excel to develop meaningful insights into cybersecurity and technology-related trends.


• Develop Risk Indicators: Create and enhance data-driven key risk indicators (KRIs) and key performance indicators (KPIs) that provide real-time insights into risk and performance trends across the enterprise.


• Learn and Adapt: Acquire deep knowledge of arenaflex's technology, cybersecurity, and business continuity management processes, demonstrating strong interest and willingness to learn, in order to present effective valid challenges to existing practices.


• Stay Current with Regulations: Remain proficient in relevant regulations, guidelines, and industry standards to ensure arenaflex maintains compliance with all applicable requirements.


• Program Development: Support the design of an independent technology risk oversight program that defines the engagement and integration with various risk management programs, including Process Risk Self-Assessments, Business Continuity Management, New Product Approval, Mergers and Acquisitions, and more.


• Stakeholder Collaboration: Effectively collaborate with key partners across lines of business and lines of defense to ensure risks are managed effectively and efficiently in accordance with company policies and applicable regulatory requirements.


• Risk Reporting: Provide independent assessment and reporting of risks, offering a comprehensive view of total risk exposure. Communicate risk findings to Senior Management, Risk Management Panels, the Board of Directors, and regulatory bodies as required.

Essential Qualifications

To be successful in this role, candidates must meet the following requirements:

• Educational Background: Bachelor's degree in a relevant field such as Computer Science, Information Systems, Business Administration, or a related discipline.


• Experience: Minimum of 5 years of experience in risk management across any of the three lines of defense (first line, second line, or third line).


• Technical Skills: Strong knowledge of at least one data mining/big data analytical tools such as Microsoft Excel (Pivot Tables), SQL, SAS, Python, or R.


• Analytical Abilities: Excellent analytical skills with high attention to detail and accuracy. Proven ability to identify risks, analyze issues, and derive meaningful insights about risk trends by conducting interviews and examining large volumes of data.


• Cybersecurity Knowledge: Strong foundational knowledge of framework, cloud security, cyber intelligence, and cyber incident response areas.


• Problem-Solving: Strong critical thinking and problem-solving skills with the ability to challenge conventional thinking and engage constructively in discussions.


• Self-Motivation: Required self-starter who can work with minimal supervision and take ownership of deliverables.


• Communication Skills: Excellent verbal, written, and interpersonal skills. Ability to communicate complex technical concepts to diverse audiences including senior leadership and board members.


• Regulatory Awareness: Understanding of risk assessment methodologies, frameworks, and industry standards such as COSO, COBIT, ISO 27001, FAIR, or NIST RMF.


• Industry Knowledge: Knowledge of relevant policies and regulations including OCC Elevated Standards, FFIEC IT booklets, and other applicable financial services regulations.

Preferred Qualifications

While not required, the following qualifications would be considered a strong asset:

• Advanced educational background in Computer Science or Information Systems


• Experience in risk management across cybersecurity, information technology, third-party risk, and business continuity management


• Industry certifications such as CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional)


• Cloud security certifications including CCSK (Certificate of Cloud Security Knowledge), CompTIA Cloud+, CCSP (Certified Cloud Security Professional), or Azure Security certifications


• Experience with Governance, Risk, and Compliance (GRC) tools such as Archer, MetricStream, or similar platforms


• Experience in the financial services industry, particularly in payments or fintech sectors

Skills and Competencies for Success

Beyond formal qualifications, we are looking for candidates who demonstrate the following competencies:

• Strategic Thinking: Ability to think strategically and translate business objectives into actionable risk management initiatives.


• Business Acumen: Strong understanding of business processes and the ability to balance risk management with business enablement.


• Influence and Persuasion: Capability to challenge conventional thinking and drive positive change through constructive engagement with stakeholders.


• Collaboration: Strong teamwork skills with the ability to build relationships across functional boundaries and influence stakeholders at all levels.


• Adaptability: Ability to thrive in a dynamic environment and respond effectively to changing priorities and emerging risks.


• Integrity and Ethics: Unwavering commitment to ethical standards and professional integrity in all aspects of work.


• Continuous Learning: Passion for staying current with emerging threats, technologies, and best practices in cybersecurity and risk management.

Career Growth and Development Opportunities

At arenaflex, we are deeply committed to the professional development and career growth of our employees. As a Senior Information Security Manager, you will have access to a wide range of opportunities to advance your career:

• Leadership Pathways: This role provides exposure to senior leadership and the Board of Directors, offering visibility that can accelerate your path to executive positions within the organization.


• Professional Certifications: We support and fund industry-recognized certifications including CISM, CISA, CRISC, CISSP, and cloud security certifications.


• Training Programs: Access to comprehensive training programs covering cybersecurity, risk management, regulatory compliance, and leadership development.


• Cross-Functional Exposure: Opportunities to work with various lines of business and defense, providing a broad understanding of the organization's operations and risk landscape.


• Mentorship: Access to experienced mentors who can guide your career progression and help you develop specialized expertise in technology risk management.


• Industry Conferences: Participation in industry conferences, workshops, and thought leadership events to stay connected with emerging trends and best practices.

Work Environment and Company Culture

arenaflex is proud to foster an inclusive, collaborative, and innovative work environment where diverse perspectives are valued and celebrated. Our culture is built on the following core principles:

• Inclusion and Diversity: We believe that diverse teams drive innovation and better decision-making. We are committed to creating an environment where all employees feel respected, valued, and empowered to contribute their unique perspectives.


• Work-Life Balance: We support flexible work arrangements that help our employees maintain a healthy balance between their professional and personal lives.


• Continuous Innovation: We encourage creative thinking and experimentation, rewarding employees who propose innovative solutions to complex challenges.


• Community Involvement: We actively participate in community initiatives and encourage our employees to give back through volunteer work and charitable programs.


• Transparency and Integrity: We operate with the highest standards of integrity, ensuring transparency in our decision-making processes and communications.

As part of the GRC team, you will work in a challenging yet rewarding environment where your contributions directly impact the organization's ability to manage risk effectively and protect its stakeholders. You will collaborate with professionals from various backgrounds and expertise areas, creating a rich learning environment that fosters personal and professional growth.

Compensation and Benefits

arenaflex offers a competitive compensation package that recognizes the skills, experience, and contributions of our employees. The starting hourly rate for this position is $28 per hour, with opportunities for performance-based increases and bonuses.

Our comprehensive benefits package includes:

• Health, dental, and vision insurance coverage


• 401(k) retirement plan with company matching


• Paid time off (PTO) and holidays


• Life insurance and disability coverage


• Employee assistance program (EAP)


• Professional development reimbursement


• Wellness programs and fitness center discounts


• Tuition reimbursement for continuing education


• Employee referral bonus program

We also offer flexible spending accounts (FSAs), commuter benefits, and various voluntary benefit options to meet the diverse needs of our employees.

Location and Work Arrangements

This position is based in New York, USA. arenaflex supports flexible work arrangements, including hybrid and remote work options, depending on role requirements and business needs. We provide the necessary technology and resources to ensure our employees can work effectively from various locations while maintaining collaboration and connectivity with their teams.

Why Join arenaflex?

By joining arenaflex as a Senior Information Security Manager, you will become part of an organization that values excellence, integrity, and innovation. You will have the opportunity to:

• Make a meaningful impact on protecting one of the world's leading financial services companies


• Work with a team of talented professionals who are passionate about cybersecurity and risk management


• Develop your expertise in technology risk oversight, cybersecurity, and regulatory compliance


• Advance your career with a company that invests in employee growth and development


• Contribute to a culture of continuous improvement and innovation


• Enjoy competitive compensation and comprehensive benefits

Apply Today

We invite qualified candidates who meet the qualifications and are excited about this opportunity to apply. If you are ready to take the next step in your career and make a difference at arenaflex, we encourage you to submit your application.

At arenaflex, we believe that great things happen when diverse minds come together. Join us and be part of a team that is shaping the future of secure, innovative financial services.

arenaflex is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.