Vice President, Information Security

About The Position

Requirements

• Bachelor’s degree in computer science, Cybersecurity, Information Systems, Risk Management, or a related discipline, or equivalent work experience.
• 6-10 years of experience in Cybersecurity and Information Systems.
• Experience in Governance, Risk, and Compliance, Information Security, Technology Risk, Cybersecurity, or a related field.
• Strong experience in issue management, control remediation, audit support, risk analysis, or compliance oversight.
• Strong analytical, problem-solving, and troubleshooting skills.
• Experience working with business intelligence, data analysis, and reporting platforms such as SQL, DB2, Power BI, Business Objects, Qlik, Tableau, Excel, and PowerPoint.
• Working knowledge of logical and physical database concepts and data structures.
• Knowledge of cybersecurity controls, risk management principles, and issue remediation practices.
• Understanding of the System Development Life Cycle (SDLC) and technology risk implications across the development and production lifecycle.
• Excellent written and verbal communication skills, including the ability to communicate clearly to both technical and non-technical stakeholders.
• Strong time management, independent judgment, and decision-making capabilities.
• Self-motivated, detail-oriented, and able to work effectively both independently and as part of a team.

Nice To Haves

• Degree in Cybersecurity, Information Systems, Business, or a related discipline.
• Experience in the securities, banking, or financial services industry.
• Experience supporting audit, regulatory examinations, or formal remediation programs.
• Familiarity with industry control and risk frameworks such as: NIST Cybersecurity Framework, NIST 800-53, Cyber Risk Institute Cyber Profile, ISO 27001, COBIT, FFIEC guidance, PCI DSS, where applicable
• Experience with GRC platforms, issue tracking systems, and control management tools.
• Experience aggregating vulnerability, control, audit, and self-identified findings into integrated reporting and remediation workflows.

Responsibilities

• Manage the end-to-end lifecycle of cyber and technology control issues, including intake, assessment, prioritization, escalation, tracking, remediation, validation, and closure.
• Review and analyze complex data sets to identify trends, insights, emerging risks, and actionable recommendations related to control deficiencies and remediation progress.
• Recommend risk mitigation strategies and courses of action in coordination with Information Security and Enterprise Control Management stakeholders.
• Escalate high-risk issues, delayed remediation activity, and significant change-related risk items for appropriate risk treatment and governance review.
• Identify operational roadblocks and control gaps that may hinder timely remediation and help drive countermeasures and corrective actions.
• Support governance processes related to cyber risk, control management, audit findings, and regulatory commitments.
• Help ensure control remediation activities are aligned to internal standards, policy expectations, and external regulatory obligations.
• Contribute to audit readiness by maintaining clear issue documentation, remediation evidence, status reporting, and closure support.
• Partner with control owners and stakeholders to ensure remediation plans are sustainable, measurable, and appropriately documented.
• Produce and interpret metrics, dashboards, trend analyses, and management reporting related to issue inventory, remediation status, control health, and cyber hygiene.
• Consolidate automated and self-identified findings into a cohesive issue management and reporting framework.
• Use business intelligence and reporting tools to support analysis, executive reporting, and decision-making.
• Provide direction and guidance on reports and analyses to ensure recommendations align with business needs, risk priorities, and organizational capabilities.
• Work closely with Information Security, Technology, Risk, Audit, Compliance, and business teams in a collaborative and results-oriented manner.
• Provide professional support and consultative guidance on major components of the organization’s information security and control environment.
• Partner with other IT and business areas to improve issue management practices, control completeness, and remediation effectiveness.
• Contribute to the achievement of team and organizational objectives through proactive risk management and strong stakeholder engagement.

Benefits

• Highly competitive compensation
• Benefits and wellbeing programs
• Access to flexible global resources and tools
• Generous paid leaves
• Paid volunteer time