
Principal Info Security Spct

Cyber Security

Johnston, Rhode Island; Phoenix, Arizona

Description

Principal Information Security Specialist

The Cybersecurity Policy and Programs team is looking for a highly collaborative and detail‑oriented Principal Information Security Specialist to support the evaluation and ongoing strengthening of the organization’s cybersecurity program. This senior individual contributor role is ideal for someone with strong critical thinking, writing, and organizational skills, and experience supporting cybersecurity governance and regulatory expectations in highly regulated environments.

In this role, you will lead and support cybersecurity program maturity assessments—using the Cyber Risk Institute (CRI) Profile as a primary framework—while helping ensure regulatory readiness across examinations, audits, and ongoing oversight. You will also contribute to security education, policy, and risk assessment efforts as needed to reinforce identified risks and regulatory themes.

Key Responsibilities

  • Cyber Program Maturity & Assessment
    • Evaluate and track cybersecurity program maturity using the Cyber Risk Institute (CRI) Profile, including coordinating diagnostic statement responses and maintaining supporting evidence.
    • Collect, organize, and maintain documentation that demonstrates control effectiveness and program maturity in a clear, defensible manner.
    • Identify trends, gaps, and improvement opportunities and support reporting to leadership and key stakeholders.
  • Regulatory & Audit Support
    • Contribute to cybersecurity regulatory obligations and examinations, including NYDFS Cybersecurity Regulation, GLBA Safeguards Rule, and FFIEC cybersecurity guidance.
    • Organize and maintain regulator‑ready documentation to support audits, assessments, and regulatory reviews.
    • Track deliverables, coordinate with internal stakeholders, and help ensure timely, accurate responses to regulatory and audit requests.
  • Cybersecurity Education & Awareness
    • Contribute to the strategy, direction, and execution of security education and awareness initiatives aligned to cyber maturity findings, regulatory priorities, and emerging risks.
    • Support awareness campaigns through drafting communications, coordinating logistics, and tracking engagement.
    • Partner with internal teams to ensure awareness efforts reinforce policy expectations, risk priorities, and regulatory themes.
  • Policy & Risk Assessment Support
    • Provide input into cybersecurity policies, standards, and procedures to support regulatory alignment and maturity‑driven updates.
    • Support Information Security Risk Assessments (ISRAs) by assisting with documentation, control interpretation, and maturity context where applicable.
    • Help ensure consistency between risk assessment outcomes, regulatory expectations, and the broader cybersecurity program posture.
  • Collaboration & Communication
    • Work closely with teams across Privacy, Legal, Compliance, Risk, Third Party, and Technology to ensure alignment and smooth execution of Policy and Program initiatives.
    • Develop clear, professional documentation that supports transparency, accountability, and informed decision‑making.

Qualifications

  • Bachelor’s degree in Cybersecurity, Information Security, Risk Management, Business, or a related field (or equivalent experience).
  • 7+ years of experience in cybersecurity, information security governance, risk management, compliance, or regulatory support roles.
  • Experience supporting cybersecurity maturity or framework‑based assessments (e.g., CRI Profile, NIST CSF, ISO).
  • Strong understanding of cybersecurity regulatory requirements and guidance (e.g., NYDFS, GLBA, FFIEC).
  • Excellent writing, editing, and communication skills.
  • Strong interpersonal and collaboration skills; able to work effectively with diverse teams and stakeholders.
  • Ability to work independently, prioritize competing demands, and drive initiatives forward with minimal oversight, while maintaining strong collaboration with stakeholders.
  • Critical thinking, attention to detail, and strong organizational skills.

Pay Transparency

The salary range for this position is $120,000 - $170,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.


Awards We've Received

  • 2023: Glassdoor Best Place to Work in Consulting, Finance & Insurance
  • 2025: The Banker's US Bank of the Year
  • 2025: Dave Thomas Foundation’s Best Adoption-Friendly Workplace
  • 2025: Disability:IN Best Places to Work for Disability Inclusion
  • 2025: Human Rights Campaign Corporate Equality Index 100 Award
