Chief Information Security Officer (CISO)

First American, Santa Ana, CA

About The Position

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining an enterprise-wide information security program to assure information assets are adequately protected. The CISO must be knowledgeable about Information Security best practices and the regulatory and compliance requirements that impact security for the enterprise. This includes, but is not limited to, HIPAA, PCI, and FISMA. The CISO sets policies and standards that direct security functions relative to information technology systems, networks, applications, voice and data communications and computing services within the enterprise. The CISO assures security programs and technical controls are in compliance with policies, applicable laws and regulations, and effectively protect information and information systems. The CISO also works in partnership with business management to assure business practices meet defined policies and standards for information security. The CISO will lead a 5-person team and direct the activities of a 10-person Security Operations Group, Application/PMO security best practices

Requirements

  • Must possess a solid understanding of Information Technology, Information Security, and Risk Management.
  • Ability to interface with senior management, as well as a diverse culture of corporate, operations and IT personnel.
  • Knowledge of security and control frameworks, such as ISO 17799, COBIT, ITIL.
  • Demonstrated competency in creating and executing on strategic plans
  • Proven track record of leading large, complex projects with multiple stakeholders and driving organizational change
  • Demonstrated success with meeting the needs of a wide range of employees while driving team performance, monitoring results and appropriately allocating resources
  • Possesses and applies comprehensive knowledge of principles, practices, and procedures of particular field of specialization to the successful execution of multiple complex projects
  • Strong experience and knowledge of functional tools and infrastructure
  • Progressive experience in leading employees in multiple locations, and significant experience developing and implementing solutions
  • Possesses strong problem solving, collaboration, critical thinking, team building, and presentation skills
  • Results oriented with strong time management and project management skills, and must be highly organized and driven to succeed
  • Strong leadership skills, leading by example, driving employee commitment through actions, and empowering employees to reach their full potential
  • Computer Science BS or Management Information Systems BS.
  • 12+ years progressive information security management and/or risk management experience in the Financial Services or Healthcare sector is required (Financial Services experience highly preferred).
  • Information Security certifications such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM) are required (CISSP is highly preferred).

Nice To Haves

  • Computer Science MS or Management Information Systems MS preferred.

Responsibilities

  • Understand corporate strategic plans and fundamental business activities at First American.
  • Maintain current knowledge of applicable regulatory and compliance issues related to Information Security. Based on this knowledge, develop, maintain and oversee an enterprise-wide Information Security Program consistent with applicable regulatory and compliance requirements.
  • Develop and oversee a network of business unit based security directors and vendors who safeguard the company’s assets, intellectual property and computer systems, as well as the physical safety of employees and visitors.
  • Define, identify and classify critical information assets, assess threats and vulnerabilities regarding those assets and implement safeguard recommendations.
  • Manage the development and implementation of global security policy, including policies, standards and guidelines related to personnel, facilities, data security, disaster recovery and business continuity.
  • Oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
  • Serve as enterprise focal point for computer security incident response planning, execution and awareness.
  • Develop a process to review new facilities, applications and/or technology environments during the development or acquisitions process to ensure compliance with corporate security policies and directions. Facilitate process via business unit based personnel.
  • Periodically test and evaluate Information Security controls and techniques to assure compliance with policies. Coordinate the use of external resources involved in the performance of security testing (i.e. penetration tests and vulnerability scans).
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
  • Report to executive management on the effectiveness of the Information Security Program, including policy violations, security risks, progress of all security-related remedial actions and metrics.
  • Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as NIST and PCI.
  • Provide strategic and tactical security guidance for all IT projects, including the evaluation of the enterprise architecture, hardware, software and technical controls.
  • Oversee the development and implementation of a company-wide Information Security training program to assure the organization’s workforce is knowledgeable of Information Security policies, practices and relevant guidance appropriate to their role in the organization. Provide the foundation for the security culture and awareness of the enterprise.
  • Oversee the development and implementation of activities to foster Information Security awareness within the Company and related entities.
  • Work with the Chief Compliance Officer relative to difficult privacy and security issues.
  • Work with the Chief Compliance Officer and Chief Information Officer relative to presentations and briefing of the Board of Directors.
  • Serve as Manager of the Information Security Governance Department. As such, perform ongoing analysis of the Information Security Governance Program and provide recommendations for change or improvement.
  • Serve as chairperson of the organization’s Security Steering Committee.
  • Serve in leadership role for security initiatives and activities and as a leader for teams investigating and addressing various security and privacy issues.
  • Maintain relationships with local, state and federal law enforcement and other related government agencies.
  • Required to perform duties outside of normal work hours based on business needs.

Benefits

  • Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.