Senior Vice President, Chief Information Security Officer

About The Position

Requirements

• Information Security and IT Risk leadership experience at the senior-most level within a high-transaction rate, critical-availability and technology-dependent financial services organization.
• Bachelor’s degree in computer science, management information systems, business administration, or related discipline highly desirable.
• Minimum of 10 years professional global experience in running the information security function, and analyzing and applying information security risk, IT risk management, and privacy practices.
• Seven to ten years of progressive people leadership, strategic planning and business transformation experience required.
• Possess a high-level of business acumen resulting in an expert level of competence in IT risk assessment and management, IT continuity management, IT governance and policy formulation, and organizational change management.
• Proven success in senior level Information Security role in a $1B+ organization
• Demonstrated ability to work at and communicate to leaders at the highest level, both internal and external to the organization.
• History of BOD level accountability.
• Expertise in IT security audit procedures, amendments and resolutions.
• Excellent written and verbal communication skills and high level of personal integrity; comfort in presenting to a wide range of audiences, including board level, clients, partners and regulators required.
• Deep network of relationships in the Security area within financial services organizations and government/agencies
• A skilled team builder who can attract, develop and retain the very best global talent and lead them toward the successful attainment of goals in support of the corporate business strategy.
• Experience with merger and acquisition and divestitures activities.
• Expert in information policy formulation, information security management, security attack pathologies, IT business risk management, authentication methodologies, and IT security incident response management.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams, including project teams.
• Possess strong global project management experience (resource allocation, budget, and timelines).
• Knowledge of national and international regulatory compliances and frameworks such as ISO, FFIEC, Dodd-Frank, SOX, GDPR, HIPAA, FINRA and PCI DSS.
• Expert experience with cloud security, layered security platforms and services, including understanding of current security offerings from leading cloud service providers (e.g. AWS), and their applicability to securing an enterprise security environment.
• Experience with contract and vendor negotiations and management including managed services.
• Demonstrate a consultative posture with the business and an extreme customer service focus.

Nice To Haves

• Master’s degree preferred.
• Current security clearance preferred.
• Specific experience in LEAN methodologies and Agile (scaled) software development preferred.
• Professional security certification(s), (CISSP, CISM or CISA) preferred.

Responsibilities

• Design, develop, implement and monitor a strategic, comprehensive global information security, engineering and IT risk management roadmap to align and scale with company growth, industry (Financial Services) and regulatory environment.
• Work directly with the business units to facilitate risk assessment and risk management processes; plan for and manage incident response plans while minimizing effect on the business.
• Exercise decision making authority on risk assessments and mitigation, overseeing process to ensure risks have been addressed, acting as policy making authority, creating InfoSec roadmap and technology priorities and solution (tools, vendors) proposals and recommendations, managing department budget.
• Ensure operating reliability and stability for Disaster Recovery processes and identity management programs and ensure protection from cyber-attacks, customer fraud, malware and other threats
• Prepare financial forecasts for security operations and proper maintenance cover for security assets.
• Develop and enhance an information security management framework and anticipate new security threats and stay up to date with evolving technology and solutions.
• Understand and interact with other functions to ensure the consistent application of policies and standards across all technology projects, systems and services.
• Provide leadership to the global enterprise's information security organization (attract and retain employees that embody both the needed enterprise capabilities and cultural attributes of Western Union).
• Partner with business stakeholders across the company to raise awareness of risk management concerns.
• Oversee the Security Operations Center (365 days, 24/7).
• Serve as the organization’s Subject Matter Expert (SME) for all global information security frameworks, standards and regulations for the business, the CEO, BOD and outside regulators.
• Direct the adoption and implementation of IT security, governance and risk policies and procedures across the global enterprise.
• Manage relationships with external information security technology vendors, law enforcement, relevant governmental agencies and specialized information security professional services firms.
• Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them.
• Manage risks relating to information security, IT business continuity and disaster recovery planning, IT crisis management, IT privacy, and designing and monitoring processes to ensure compliance with IT and information security protocols, and applicable data security regulations.
• Oversee investigations, audits and potential security breaches and necessary next steps and communications (internal and external).
• Identify and work with peer organizations, government and agencies, and the vendor community to ensure Western Union is at the forefront in this area, both in the US and globally.

Benefits

• short-term incentives
• multiple health insurance options
• accident and life insurance
• access to best-in-class development platforms
• Parental Leave
• Family First Programs
• Medical, Dental, and Life Insurance
• Tuition Repayment Assistance Program