VP, Chief Information Security Officer

POSITION SUMMARY:

The VP, Chief Information Security Officer (CISO) is responsible for defining and executing the enterprise cybersecurity strategy for FPI (Financial Partners Inc), ensuring alignment with business objectives, regulatory expectations, and the organization’s commitment to customer trust. Serving as a key member of the leadership team, this role advises executive management and the Board on cybersecurity risks, emerging threats, and risk posture.

Operating within a complex financial services environment, the CISO oversees security engineering, security operations, governance, risk and compliance (GRC), and security architecture across a hybrid infrastructure that includes cloud, on-premise systems, modern application development, and third-party integrations. The role carries accountability for building and leading high-performing teams, managing budget and resources, and driving the execution and continuous maturity of the enterprise security program.

DUTIES AND RESPONSIBILITIES:

• Lead enterprise-wide cybersecurity strategy aligned to business growth and technology modernization
• Oversee cloud security, application security, Descopes, and data protection strategies
• Own incident response, crisis management, and breach response coordination
• Provide regular strategic briefings to executive leadership and Board of Directors
• Develop and track cybersecurity KPIs/KRIs and program maturity (e.g., NIST CSF)
• Oversee third-party and supply chain security risk management
• Partner with business leaders to enable secure product and service delivery
• Develop and maintain an Information Security program for a large Financial Services technology provider.
• Develop information security policies, practices, and recommendations for technology enhancements as necessary to reflect changing technology trends and security initiatives.
• Develop standards for security administration to be used within FPI and partner associations.

      ·        Coordinate the development and implementation of a security awareness program to inform internal and association partner employees about security issues.

• Perform security risk assessment, testing, and monitoring of security programs and policies and works with the Head of Internal Audit to ensure that the target results meet the expectations of our regulators and customers.

·         Oversee preparation of the Information Technology Risk and Security Risk Assessment including a cyber-security assessment. 

·         Responsible for overall internal controls framework including testing controls to support all audit activities including SOC (Standards of Conduct). 

·         Recommend improvements, modifications, and new procedures to mitigate risk and address inadequate or weak controls. 

·         Provides enterprise level reporting, leadership, and the Board insight into the organization''s risk posture.

ADDITIONAL RESPONSIBILITIES

• Work with the CTO to ensure that the security architecture design is appropriate for all major technology infrastructure and application system development projects.
• Complete pre-implementation and post-implementation security assessments of technology infrastructure and application development projects.
• Maintain current knowledge on evolving information security issues and legislation. Apply new concepts to the FPI environment.
• Support the internal audit function through the development and implementation of an Information security risk assessment program (security risk assessment, testing, and monitoring).
• Other tasks as assigned.

MINIMUM KNOWLEDGE AND EDUCATION REQUIREMENTS:

• Bachelor''s degree with typically at least 15 years of experience related to the duties and responsibilities specified. CISSP (Certified Information Systems Security Professional), CISM or similar certification is required. Master’s degree in business, technology, or related field highly desired.
• Expert on current technological trends and developments in information security with a deep understanding of Financial Services Information Security standards, regulations, and best practices.
• Expert level knowledge of IT (Information Technology) security products and techniques, network infrastructure, applications, and equipment pertinent to a large, distributed, heterogeneous computing environment.
• Must possess advanced verbal and written communication skills to provide technical guidance and leadership to professional personnel in security areas.
• Strong interpersonal skills and the ability to work effectively with a wide range of constituencies in a diverse community. 

MANAGERIAL FUNCTIONS 

• Oversee daily team operations to ensure alignment with organizational policies while facilitating effective communication, collaboration, continual improvement, and knowledge sharing within the team and across organization. 

• Provide clear direction, goals, and priorities to direct report(s) while mentoring them to enhance their skills and support their professional development 

• Foster a positive and inclusive work environment that supports employee engagement. 

• Address conflicts with professionalism and fairness, serving as the first point of contact for employee(s) communication and escalating issues appropriately in collaboration with HR when necessary. 

• Ensure employee(s) adherence to organizational policies and procedures by promoting and modeling compliance with labor laws, workplace standards, and ethical practices in all people management activities. 

• Manage administrative responsibilities, including reviewing and approving weekly timecards, processing time-off requests, tracking compliance tasks, and supporting team adherence to organizational policies and deadlines. 

• Conduct performance reviews by setting and communicating clear expectations and objectives, monitoring performance against goals, providing continuous feedback, and addressing performance issues promptly and effectively. 

• Oversee talent management processes for reports, including hiring, termination, performance evaluations, and pay reviews, ensuring alignment with unit objectives and adherence to company policies and procedures. 

ESSENTIAL FUNCTIONS

·         Ability to report to work in person and to attend work-related functions/activities.

·         Ability to work at a desk and use a computer for extended periods.

·         Ability to lift, carry, and move objects up to 10 pounds occasionally.

·         Ability to occasionally travel as required.

·         Ability to type and utilize various software programs efficiently and operate general office equipment.

·         Ability to work in an office setting with moderate noise levels.

·         Additional physical demands include, but may not be limited to, frequent talking or hearing, occasional push/pull, stoop/kneel, bend/twist, and reach to retrieve or move items in a typical office environment.

·         Must be able to work scheduled hours and overtime as needed.

·         Hybrid or remote work arrangements

o    This role has been designated as a Hybrid role, which gives employees the opportunity to work from home on Mondays and Fridays and working in the office on Tuesdays, Wednesdays, and Thursdays.  

o    Please note that the Company retains the right to change a position’s designation at any time.

Exceptions to the designated work arrangement may be made based on business needs

• Ability to concentrate and focus on details when reviewing documents, analyzing data, and performing computer-based tasks.
• Ability to manage multiple tasks and deadlines while maintaining accuracy and efficiency.
• Ability to problem-solve efficiently and make sound decisions.
• Ability to manage job-related stress and interactions with clients, colleagues, or external parties.
• Ability to communicate ideas clearly in both verbal and written form.
• Ability to work with others in a collegial and collaborative manner

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job.  Duties, responsibilities, and activities may change at any time with or without notice.

REASONABLE ACCOMMODATION: Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions of their position.