Determining, implementing, and enforcing all of an organization's information security standards, technologies, and procedures.
Providing guidance in the area of IT risk management.
Continually identifying securitythreats and vulnerabilities in an organization's information systems.
Reassessing the amount of risk present as well as the cost and value of implementing controls and preventative measures.
Creating new policies and implementing system changes where necessary.
Promoting security awareness in the organization and for oversight of the management of access privileges.
Identifying protection goals, objectives and metrics consistent with Information Technology's strategic plan.
Managing the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security.
Working withother executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
Maintaining relationships with local, state and federal law enforcement and other related government agencies and regulators.
Providing leadership for current Information Security staff.
Providing leadership and consistent communication across matrixed IT functional lines.
Overseeing incident response planning as well as the investigation of security breaches, and assisting with disciplinary and legal matters associated with such breaches as necessary.
Working with outside consultants as appropriate for independent securityaudits.
Responding to Client information requests and audits on a regular basis.
Reporting on Security and related issues to Senior management and/or the Board of Directors.
Physical protection responsibilities will include IT asset protection, access control systems, video surveillance, and more. Information protection responsibilities will include networksecurityarchitecture, network access and monitoring policies, employee education and awareness, and more.
Skills & Experience
15-20years in Financial Services related information technologyexperience with primary responsibilities in a security related role. Some experience in the banking industry is strongly preferred.
Bachelor's degree or equivalent and CISSP designation.
Must have experience with Sarbanes –Oxley compliance, GLBA compliance, and FFIEC audits.
Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team.
Ability to communicate security-related concepts to a broad range of technical and non-technical staff.
Must possess the interpersonal skills to evangelize for security policies across a diverse array of technology and business communities.
Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
Must have strong working knowledge of pertinent law and the law enforcement community.
Must possess the ability to build and develop a high-performing team of security professionals.
Must have a solid understanding of information technology and information security.
Must have substantial exposure to data processing, hardware platforms, enterprise software applications, including cloud computing environments.