Accountable for Information Security while providing Strategic and Operational direction – including but not limited to Vulnerability and Threat Management, eDiscovery, Security Awareness, Risk Assessment and Posture, and Identity and Access Management – as well as insight and thought leadership for all other activities associated with Information Security.
A strong CISO leadership track record and accountability within a large, complex global enterprise is mandatory.
Essential Duties & Responsibilities
- Leads, directs, and has accountability for the performance and development of subordinate staff in Information Risk Management, Architecture, Security Operations, Vulnerability and Threat Management, Identity and Access Management, and eDiscovery in accordance with corporate strategic direction. May include matrix reporting relationships.
- Establishes and directs the design, development, testing and implementation of appropriate Information Security strategies, plans, products, and other access control techniques. Also identifies emerging vulnerabilities, evaluates associated risks and threats, and provides countermeasures where necessary.
- Directs the staff in the evaluation of risks and threats, development, implementation, communication, operation, monitoring and maintenance of the information security technologies which promote a secure and uninterrupted operation of all IT systems.
- Manages the reporting, investigation, and resolution of information security incidents. Works with and consults senior business leaders such as the Chief Compliance Officer and the Office of General Counsel on potential data breaches. Oversees digital forensics activities to support Human Resources, Legal, and other key stakeholders while maintaining appropriate chain of custody.
- Manages the staff overseeing all aspects of Identity and Access Management. Ensures that appropriate access is provided to employees, contractors, and other parties in a timely fashion, meeting strict security standards in accordance with the principles of Segregation of Duties and Least Privilege. Works closely with Human Resources and Enterprise Procurement to ensure IT aspects of new employee and contractor on-boarding are appropriately completed.
- Oversees staff supporting the Office of the General Counsel in the collection, delivery, and presentation of electronic evidence regarding litigation for and against the company. Provides services to manage the full life-cycle of electronically stored information to those ends.
- Responsible for the development and implementation of security standards, procedures and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments (e.g., company-wide, distributed, client server systems, and e-applications).
- Responsible for ensuring appropriate governance over Managed Service Providers managing and maintaining information security technologies.
- Maintains contact with industry security groups, and an awareness of current vulnerabilities, threats, and risks to data privacy and information security.
- May perform additional duties associated with Cyber Security as assigned.
Skills, Knowledge & Abilities
- Thorough understanding of Cyber Security technologies and offerings in the marketplace, as well as the processes associated with running a cybersecurity operation.
- Senior-level understanding of all aspects of information security, including: security and risk management frameworks, vulnerability and threat management, security operations, security organization, architecture, access control, and security incident management.
- Well versed in, and with prior experience of, leading enterprise-wide programs to secure cloud-based initiatives and offerings in IaaS and PaaS.
- Familiarity with industry-accepted frameworks such as NIST, OWASP, ISO 27001 ISMS, PCI, SOX, etc.
- Excellent ability to influence change in corporate understanding and adoption of information security concepts.
- Excellent analytical and problem-solving skills.
- Excellent communications and interpersonal skills and the ability to work effectively with peers; senior executives in both IT and across business units; and internal/external business partners/clients. Ability to effectively explain complex security-related concepts and issues to non-technical and business audiences.
- Strong crisis management skills.
- Experience working as a CISO within a global organization.
- Ability to effectively communicate with all levels of employees within scope of responsibility.
- Ability to manage complex projects to completion.
- Proven ability to lead and motivate others in accomplishing goals.
- Ability to exercise professional judgment and assume responsibility for decisions which have an impact on people, quality of service, and costs.
- Advanced computer skills including Microsoft Office suite and other business-related software systems.
- Insurance industry knowledge preferred.
Education & Experience
- Bachelor's degree (master's preferred) in Computer Science or a related discipline, or equivalent work experience.
- A minimum of 15 years of experience in information security.
- A minimum of five years of supervisory/management experience (CISO level is mandatory) including preparing and managing a significant operating budget.
- CISSP certification is required upon hire. Additional certifications and training such as CISA, CISM, and CCSK are preferred.