Assistant Vice President, Deputy Chief Information Security Officer

About The Position

Requirements

• Bachelor's Degree In information security, computer science or information technology, or commensurate selection criteria experience.
• Minimum of 10 years of management level experience.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Demonstrated experience effectively influencing a group to a recommended course of action.
• Proven experience in working with complex programs, which require identifying complex data and analyzing the quality of the output provided.
• Demonstrated knowledge and understanding of relevant legal and regulatory requirements, such as New York Department of Financial Services Cybersecurity regulation, NAIC Data Security Model Law, and Health Insurance Portability and Accountability Act (HIPAA).
• Demonstrated excellent verbal and written communication skills, interpersonal and collaborative skills with the ability to convey complex concepts and security and risk-related information to internal and external customers (technical and nontechnical) at all levels in a clear, accurate, focused and concise manner, and presentation style. Verbal and written communications are to conform to proper rules of punctuation, grammar, diction and style.
• Proven leadership, interpersonal skills and ability to work cross-functionally and to develop associates in their skills and proficiency, while achieving tactical and strategic goals.
• Demonstrated poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Proven strong quantitative and analytical skills, including demonstrated experience identifying, defining and resolving complex programs, and collecting or interpreting data to establish facts and draw valid conclusions to provide effective resolutions. Proven experience with sound decision-making and critical thinking skills when dealing with multiple alternatives. Must demonstrate the ability to conceptualize and apply new methodologies.
• Demonstrated ability to direct multiple projects under strict timelines, within budget and financial targets and with appropriate resource management as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Proficient in word processing, spreadsheet and presentation applications.
• Familiarity with Project Management systems and processes.
• CISSP Certified Information Systems Security Professional Upon Hire.
• GIAC Security Expert (GSE) Upon Hire.
• Certified Information Security Manager (CISM) Upon Hire.
• Certified Information Systems Auditor (CISA) Upon Hire.
• ISACA certifications including CRISC or CGEIT Upon Hire.

Nice To Haves

• Prefer experience in a combination of risk management, information security and IT-related positions.
• Series 99 certification Upon Hire.

Responsibilities

• Directs Information Security Risk Management services for the Enterprise through effective and collaborative corporate governance structures, ensuring adherence to information security principles and corporate expectations.
• Coordinates resources in the assessment of information security risk and partnering with others in the Enterprise to provide guidance for risk treatment plans.
• Facilitates metrics and reporting on the efficiency and effectiveness of the Information Security Risk Management function.
• Provides regular reporting on the current status of information security risks to senior-level management.
• Leads the information security and risk management awareness training programs for all associates, contractors and authorized system users.
• Oversees third-party vendor due diligence security reviews to ensure compliance with information security policy, security procedures and regulatory requirements.
• Handles escalations from the team in reporting deficiencies or risks to the appropriate executive-level stakeholders in IT, the business and third parties.
• Partners with IT leadership and compliance teams to support process/program improvements.
• Develops and oversees the implementation of W&SFG's IAM strategy that is aligned with business priorities, industry best practices and the Information Security strategic plan.
• Ensures the successful delivery of IAM products and services required to meet business and technology requirements, which includes directory services (e.g., AD), identity federation (e.g., SAML, SSO, and ADFS), Multi-Factor Authentication (MFA), and Identity Management (IdM).
• Is responsible for the development and enforcement of companywide information security policies, standards and procedures within Information Security Risk Management and Identity and Access Management.
• Develops and manages the team's budget, monitors for variances and actively assists with the completion of the Information Security budget.
• Collaborate with IT in support of Disaster Recovery and Business Continuity.
• Manages and ensures timely completion of all assigned audit remediation work, internal projects and Portfolio level project deliverables.
• Recruits, hires, trains and develops management staff.
• Provides direction to and development to managers through coaching, the administration of the Performance Management Program, and the creation and implementation of development plans.
• Promotes development of management team and associates to ensure they are adequately trained to carry out their responsibilities and stay current on state-of-the-art technology.
• Potential on-call support during nights and weekends.
• Performs other duties as assigned.
• Complies with all policies and standards.