A financial services organization headquartered in the Southeast.
The Chief Information Security Officer (CISO) leads a team of up to 70 and reports to the Chief Risk Officer, maintaining a dotted line to the Chief Information Officer.
The CISO is responsible for the information security program that aligns with and supports the overall corporate business strategy and risk appetite, and for bringing together two InfoSec organizations to deliver the needs of a larger combined entity. The scope of the role encompasses communications, applications, and infrastructure, including policies and procedures.
The CISO will have leadership over the following functional areas:
- Cyber Security Operations and Threat Management.
- Security and Privacy Incident Management.
- E-Discovery/Litigation support.
- Cloud and perimeter security.
- Vulnerability management.
- Cyber Security program governance.
- Identity and access governance.
- IT security standards.
- Education and awareness.
- Cyber Architecture and solutions.
- Customer identity and access management.
Specific responsibilities include, but are not necessarily limited to:
- Develop and maintain a program that provides appropriate access and ongoing oversight for the organization’s systems, information, and applications.
- Continuous review and monitoring of security frameworks.
- Develop and lead activities that ensure the effectiveness of internal controls, cyber security protection strategies, and emergency response capabilities.
- Act as the primary point of contact during significant crisis incidents, ensuring compliant reporting and appropriate security responses.
- Develop and deliver awareness and education programs to foster security understanding throughout the organization.
- Compliance and risk management initiatives including federal examinations, internal audits, and external audits.
- Create security strategies, policies, procedures, and reporting guidelines in alignment with all requirements.
- Maintain a strong awareness of applicable regulations, industry standards, best practices, and emerging threats.
- Direct strategy for regulatory, audit, and risk management efforts within the department.
- Establish and monitor expectations to achieve company goals and provide executive leadership with updates on the security program and emerging information that impacts the organization.
- Develop and lead a high performing team and program; manage the performance, training, and evaluation of assigned staff; provide professional development and ongoing education opportunities for the team.
- Proactively communicate with leaders across the organization to gain mutual understanding of how information security impacts business objectives.
- Minimum of ten years’ experience in information security, with at least five years managing a team and leading the information security function for a business.
- Proven track record of building risk-based information security programs that align with the business’s goals and objectives.
- Strong advocate of appropriate risk management that balances business requirements with cost-effective, implementable, and logical solutions.
- Technically adept in the areas of information technology, strategic planning, business continuity, disaster recovery, risk management, and vendor negotiations.
- Excellent communicator, both oral and written, with the ability to effectively relate across all levels of an organization.
- Highly collaborative; experience working cross-functionally to achieve information security that is aligned with business objectives.
- Credible and transparent.
- Strong orientation to data with sound business acumen.
- Lifelong learner; maintains solid network and current knowledge of best practices and emerging threats across the industry.
- Bachelor’s degree required; master’s degree preferred.
Compensation will be commensurate with experience including a competitive base salary, bonus opportunity, and competitive benefits package.
Company is an Equal Opportunity Employer and does not discriminate against applicants due to race, color, religion, national origin, sex, age, disability, veteran status, sexual orientation, gender identity, or other legally protected status.