The Director, Information Security is a highly technical role focused on directing, leading, inspiring, innovating and overseeing the Cyber Defense Engineering, Detection & Response Platform Engineering, Identity & Access Management Engineering, Incident Response, and Threat Hunting teams for Thrivent’s Information Security department. This role should have experience in risk analysis and the ability to communicate to IT partners and business areas based on risk. The Director, Information Security will report to the Chief Information Security Officer (CISO) and provide both tactical and strategic guidance on security practices. The Director is expected to have hands-on technical expertise in the areas of information security solutions architecture, security event management, intrusion detection & remediation, perimeter security, and cybersecurity incident response. The Director, Information Security is responsible for directing the day-to-day operations of the Information Security Program.
The Director, Information Security, has overall responsibility for overseeing more than one team or function and fostering relationships and partnerships with IT, Privacy Office, and business. Serves a lead role in developing information security strategy and proactively leads the advancement of security and business technology solutions for Thrivent.
Travel up to 15-20%, aligned to corporate travel policy.
Job Duties and Responsibilities
- This role will drive the development, implementation and monitoring of comprehensive enterprise information security engineering and operations, identity and access management, and incident response teams.
- Proven thought-leadership across Information Security engineering focus areas: Cyber Defense and Identity & Access Management.
- Extensive experience in Incident Response and Identity & Access Management
- Experience using quantitative risk analysis.
- Leads strategic planning, development, delivery and operation of systems and solutions that meet business goals and objectives. Uses business and technical knowledge to effectively provide overall leadership, coaching, insights and direction to the areas supported
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the company with a realistic overview of risk and threats in the enterprise
- Develop KPIs for measuring and improving the effectiveness of the overall information security program.
- Advises executive management team on critical security issues and recommends risk reduction solutions.
- Oversee the evaluation, selection, and implementation of information security solutions that are innovative and cost-effective and that minimize risk.
- Builds and maintains a high-performing team; selects, develops, coaches, rewards and recognizes team members
- Establishes goals and objectives for each area aligned to the goals and objectives of the division and the business areas supported
- Remain informed on trends, threats, capabilities and issues in the security industry, including current and emerging threats and technologies.
- Lead the detection of, response to, and reporting of information security incidents.
- Assist CISO in preparing briefings and executive level reports (e.g., Board, Audit, and Risk Committees).
- Effectively manages operating expenses, capital spending and project budgets associated with areas of accountability
- Utilizes negotiation and persuasion to influence decision making
- Directs and manages the work of internal staff, consultants, contractors and external vendors to effectively deliver multiple large-scale projects and service solutions.
- Leads and executes on complex initiatives and solutions that VPs have deemed as important.
Required Job Qualifications
- Bachelor’s degree or equivalent experience (Business, IT, Computer Science, Math, Engineering or related field)
- 10+ years business/IT experience in progressively responsible roles
- 5+ years of leadership/management experience
- Demonstrated domain expertise in the following Information Security program areas: Identity & Access Management, Threat Management, Incident Management and/or Security Engineering & Operations
- Demonstrated ability to conduct and drive decisions with a risk-based approach.
- Prior leadership experience in a director level or equivalent role with broad functional accountability
- Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials
- Strong understanding of National Institute of Standards and Technology (NIST) Cyber Security Standard (CSF)
- Excellent knowledge of information security technology, cloud technologies, such as firewalls, intrusion detection systems (IDS), data loss protection (DLP), identity & access management (IAM), anti-malware, and SIEM technologies.
- Experience in ServiceNow applications (e.g., Vulnerability Response, GRC, Vendor Risk Management, Issues Management)
- Experience with and understanding of emerging technologies and their impact on enterprise architectures:
- Have well-developed change management skills; be effective in working across organizational boundaries to build a case for change, and to execute on the change plan, from strategy through to ongoing operation and process improvement.
- Able to operate at an advanced level of written and spoken communications; write and speak effectively and with impact, with the ability to influence change.
Thrivent provides Equal Employment Opportunity (EEO) without regard to race, religion, color, sex, gender identity, sexual orientation, pregnancy, national origin, age, disability, marital status, citizenship status, military or veteran status, genetic information, or any other status protected by applicable local, state, or federal law. This policy applies to all employees and job applicants.