Principal Info Security Spct

Description Principal Information Security Specialist

The Cybersecurity Policy and Programs team is looking for a highly collaborative and detail‑oriented Principal Information Security Specialist to support the evaluation and ongoing strengthening of the organization’s cybersecurity program. This senior individual contributor role is ideal for someone with strong critical thinking, writing, and organizational skills, and experience supporting cybersecurity governance and regulatory expectations in highly regulated environments.

In this role, you will lead and support cybersecurity program maturity assessments—using the Cyber Risk Institute (CRI) Profile as a primary framework—while helping ensure regulatory readiness across examinations, audits, and ongoing oversight. You will also contribute to security education, policy, and risk assessment efforts as needed to reinforce identified risks and regulatory themes.

• Cyber Program Maturity & Assessment
• Evaluate and track cybersecurity program maturity using the Cyber Risk Institute (CRI) Profile, including coordinating diagnostic statement responses and maintaining supporting evidence.
• Collect, organize, and maintain documentation that demonstrates control effectiveness and program maturity in a clear, defensible manner.
• Identify trends, gaps, and improvement opportunities and support reporting to leadership and key stakeholders.
• Regulatory & Audit Support
• Contribute to cybersecurity regulatory obligations and examinations, including NYDFS Cybersecurity Regulation, GLBA Safeguards Rule, and FFIEC cybersecurity guidance.
• Organize and maintain regulator‑ready documentation to support audits, assessments, and regulatory reviews.
• Track deliverables, coordinate with internal stakeholders, and help ensure timely, accurate responses to regulatory and audit requests.
• Cybersecurity Education & Awareness
• Contribute to the strategy, direction, and execution of security education and awareness initiatives aligned to cyber maturity findings, regulatory priorities, and emerging risks.
• Support awareness campaigns through drafting communications, coordinating logistics, and tracking engagement.
• Partner with internal teams to ensure awareness efforts reinforce policy expectations, risk priorities, and regulatory themes.
• Policy & Risk Assessment Support
• Provide input into cybersecurity policies, standards, and procedures to support regulatory alignment and maturity‑driven updates.
• Support Information Security Risk Assessments (ISRAs) by assisting with documentation, control interpretation, and maturity context where applicable.
• Help ensure consistency between risk assessment outcomes, regulatory expectations, and the broader cybersecurity program posture.
• Collaboration & Communication
• Work closely with teams across Privacy, Legal, Compliance, Risk, Third Party, and Technology to ensure alignment and smooth execution of Policy and Program initiatives.
• Develop clear, professional documentation that supports transparency, accountability, and informed decision‑making.

• Bachelor’s degree in Cybersecurity, Information Security, Risk Management, Business, or a related field (or equivalent experience).
• 7+ years of experience in cybersecurity, information security governance, risk management, compliance, or regulatory support roles.
• Experience supporting cybersecurity maturity or framework‑based assessments (e.g., CRI Profile, NIST CSF, ISO).
• Strong understanding of cybersecurity regulatory requirements and guidance (e.g., NYDFS, GLBA, FFIEC).
• Excellent writing, editing, and communication skills.
• Strong interpersonal and collaboration skills; able to work effectively with diverse teams and stakeholders.
• Ability to work independently, prioritize competing demands, and drive initiatives forward with minimal oversight, while maintaining strong collaboration with stakeholders.
• Critical thinking, attention to detail, and strong organizational skills.

The salary range for this position is $120,000 - $170,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work…