We are looking for an experienced executive leader who can set and direct strategy and operations of a robust information security (AKA cybersecurity) function. This will include attracting and retaining skilled security personnel, developing plans for strengthening security posture, and setting and overseeing security-related policies. This role must manage the contributions of multiple outsourced service providers and communicate effectively with company leaders and the Board of Directors. This role requires close coordination and collaboration with the company’s Risk Management, Audit and Compliance functions.
This role reports directly to the Chief Information Officer (CIO) and will have consideration for the CIO role in succession planning. The CISO manages a small team (8 - 10) of direct reports and relies heavily on outsourced specialty firms for execution of initiatives and some security operations. The CISO will collaborate closely with peer IT function leaders, including the Head of Infrastructure, CTO and Head of Applications.
Success in security initiatives will often require careful coordination of activities with the larger (approx. 450 people) IT organization. Candidates must demonstrate the ability to organize complex work streams, collaborate effectively with colleagues and build credible business cases for proposed changes. National Life IT is a highly outsourced, multi-vendor environment, including on-shore and offshore teams. Top candidates will have demonstrated success working in this kind of heavily outsourced, distributed environment.
- Attract, retain, motivate and up-skill an extended team of security professionals.
- Develop and communicate a credible, executable vision for improving security.
- Hands-on management of expense and capital budgets for security operations and investments.
- Build and maintain positive, constructive relationships inside and outside of IT.
- Clearly and effectively communicate security status, goals and plans to executive leaders and the Board of Directors.
- Personally direct and lead the most important security-related initiatives to successful outcomes.
- Represent the firm in security-related matters with regulators, examiners and auditors.
- Interact internally and externally with senior level management, including the negotiation of extremely critical matters.
- Recommend and present year-over-year Information Security investment options, defined with sustainable metrics for measuring performance and outcome.
- Develop and maintain healthy, win-win security supplier relationships.
- Develop programs for user awareness, compliance monitoring, and security compliance; maintain information security devices and software; monitor compliance procedures; and resolve security policy issues.
- Humility, motivation and values aligned with our Servant Leadership tenets
- Skilled at mentoring, inspiring and developing team members
- Demonstrated learning agility, especially as it relates to business acumen (e.g., Life and Annuities)
- Relevant industry certifications, CISSP preferred.
- Knowledge of relevant information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST.
- Minimum of 10 years of leadership experience in information technology and minimum of 5 years of leadership roles in information security
- Diverse security and IT background with knowledge in multiple areas including infrastructure, IT service management, networking, application development and information security-related standards and initiatives.
- Practical experience with regulatory, audit and compliance activities.
- Bachelor’s degree, preferably in Business or Computer Science; or relevant work experience.
- Ability to evaluate risks to the company and articulate issues, develop consensus, raise awareness, and provide and implement solutions.
- Strong understanding of the financial and performance implications of information security-related decisions.