The Director of Information Security reports directly to the Global Head of Technology and is responsible for establishing, maintaining and overseeing the enterprise-wide vision, strategy, architecture, policies and programs to ensure information assets are protected, technology systems are secure, and security and business continuity risk/reward decisions are balanced and comply with external regulatory requirements while maintaining an understanding of the challenges facing the business.
The person in this role will drive an information privacy and security-conscious culture, and is responsible for the analysis of risks, the design for risk remediation and the communication of security risks, both tactical and strategic, to other business leaders, senior executives, internal and external auditors and boards of directors. The person in this role manages Russell Investments’ outsourced Security Operations Center (SOC) and the end-to-end IT Security Services (operationally and architecturally) coming from the firm’s primary IT Managed Services Provider. In addition, the person in this position is responsible in consultation with the Compliance and Global Risk Management Departments for developing and maintaining the Information Security policies, standards and guidelines which support regulatory compliance and security best practices.
The Director of Information Security directly manages a Security team of internal Russell Associates in the functional areas including, but not limited to:
- Security Governance
- Security Forensics
- Threat Intelligence
- Security Analysis
- Security Engineering
- Security Provider Management
- Security Operations
- Security Awareness
- Vendor Management
- Audit Assurance
- Security Communication to all levels of associates and senior management
The person in this role is accountable for managing, leading and developing the team into an increasingly well-educated and effective group of Security experts while also cultivating, within the team, a solid understanding of business needs and process cycles needed to ensure the successful execution of service levels, metrics, and reporting for advanced Security solutions and outsourced Security Services. The Director of Information Security is required to effectively balance the business’ evolving needs for flexible and easy-to-use solutions with requirements that keep Russell Investments’ information assets secure.
The responsibilities of the individual in this position include:
- Establish an IT security vision and strategy by collaborating with senior leadership team and work with all aspects of the business and company to develop and drive the security vision. Accountable for designing and delivering the security roadmap.
- Lead and mentor a collaborative and responsive team of skilled security professionals covering the breadth of shared services, engineering, application security, and risk management.
- Collaborate with senior leadership on all IT related aspects of risk management to identify, assess and, as necessary, address these risks. Serve as an expert advisor to senior leadership on IT security matters.
- Design, promote and assist with the implementation of organization-wide security solutions, which align Russell Investments’ business objectives with its information technology infrastructure, physical infrastructure and its human resources.
- Develop and maintain Information Security policies, standards and guidelines which support regulatory compliance and security best practices.
- Stay current on technological advances in the field and identify areas of use in the organization, particularly with financial services Fintech.
- In collaboration with Global Risk Management, orchestrate integrated contingency plans and business resumption efforts throughout Russell Investments so that all such efforts are responsive to Russell Investments’ needs.
- Develop plans, goals, objectives, service level agreements (SLAs) and other project management aids for the coordination of all security efforts throughout the organization in a manner which is fully in support of business strategies and objectives.
- Act as the primary change agent who facilitates information security related improvements in organizational culture, business relationships and product/service design.
- Oversee the development, implementation, and maintenance of global information security policy, information security standards, guidelines and procedures; develop emergency procedures and incident response protocols; act as the control point during significant information security incidents.
- Detect, report, contain and mitigate incidents that impair adequate data and infrastructure security.
- Understand potential threats, vulnerabilities, and control techniques. Monitor network of vendors and employees to ensure the safeguarding of information assets. Facilitate periodic penetration testing and security audits; establish information security related risk assessment criteria and methodology.
- Manage the multiple tiers of Security Technicians who oversee the individual service delivery areas they have been assigned to enable SLA monitoring, customer satisfaction, problem and change management, escalation, notification and resolution.
- Actively manage, monitor, and negotiate brokered service contracts to reflect the Business Unit’s evolving expectations and requirements.
- Maintain relationships with local, state and federal law enforcement and other related government agencies in support of information security program and roadmap.
- Ensure a formal System Deployment Lifecycle and body of technical standards and methodologies are defined and followed which supports Russell Investments’ interests, including security, technology and business needs.
- Collaborate with the Compliance and Legal Departments to ensure that information security programs comply with relevant laws, regulations and policies, and to maintain a collaborative and integrated approach to information security and privacy.
- Anticipate and identify issues inhibiting the attainment of project goals; develop and implement corrective actions.
- Foster and maintain good relationships with customers to ensure processes are integrated to support expected customer service levels.
- Facilitate an effective team environment.
The successful candidate will have extensive demonstrable skills and experiences including the following:
- At least 15 years of successful experience in security, IT architecture or engineering management. Significant understanding of system infrastructure technologies including network, server, end-point, mobile, storage.
- 10 years of senior management experience working with C-Level executives, clients and customers.
- Experience in preparing for and leading responses to cybersecurity incidents, including readiness testing, detection, investigation, and remediation, and demonstrated understanding of the business, legal, reputational, and other risks and considerations that cybersecurity threats pose.
- Knowledge of the Asset Management & Financial Services industry.
- Knowledge of software development lifecycle.
- Business continuity/disaster recovery knowledge and experience.
- Ability to translate complex technical concepts into language suitable for a range of audiences, including software engineers, business and technical leaders and external security community members.
- Superior verbal, written and presentation communication skills.
- Ability to influence; collaboration and strong leadership skills along with the ability to lead enterprise change.
- Knowledge of security best practice frameworks, with a preference for NIST, ISO 27001.
- Bachelor's degree in Business, MIS, Engineering, Computer Science or related field (or equivalent experience).
- Relevant certifications such as CISSP and CISM are preferred.