Please note I have direct access to the Hiring CISO on this position.
Compensation: Salary + Bonus + Options
A leading national publicly traded financial institution is looking for a VP of Security. The company has experienced significant growth over the past 5 years, including an increase in profit from $60 million to $180 million, an increase in net assets from $5 billion to $15 billion, and fivefold growth of the security department.
The VP of Security will be responsible for:
- Becoming familiar with the different operational layers of the organization and meeting with all pertinent departments (Infrastructure, Development Managers, Corporate IT, Network Engineering, Product Management, etc.) in order to perform an overall company-wide Information Security Enterprise Risk Assessment and proactively establish essential relationships.
- Work with CISO and CRO to design a plan to implement The Three Lines of Defense Model: Line 1, Management Control (reports to Operational Management/IT); Line 2, Risk Management (reports to the VP of Security); Line 3, Internal Audit (reports to Executive Management).
- The VP of Security will lead Line 2 of Defense and will:
- Support the First Line (Operational Management/IT) by designing, implementing and maintaining an Enterprise Risk Management Framework and compliance program and security tools to assess and manage risk at the enterprise level.
- Work with the First Line to assess risks and establish policies and guidelines, and advise, monitor, and report on the First Line's effectiveness at managing risk and maintaining and operating a resilient control infrastructure.
- Facilitate and monitor implementation of effective risk management practices and security tools by the First Line/Operational Management.
- Establishing and managing Security SLAs and KPIs
- Alerting the First Line/Operational Management to emerging security issues and changing regulatory, compliance and risk scenarios
- The specific technical areas in which the VP of Security will assist the First Line in implementing security include:
- Securing Azure Cloud Environment (currently running as SaaS and PaaS and moving to IaaS)
- Design and implementation of DevSecOps
- Securing the SDLC
- Developing and publishing Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
The VP of Security reports to the CISO. The CISO reports to the CRO.
- Experience at the Security Architect, Manager, Director, VP, ISO and/or CISO level
- Expertise in one or more of the following Security Areas:
- Designing and implementing an Enterprise Risk Management Framework
- Securing the implementation and management of Azure and/or AWS Cloud environments
- Managing the design, build out and administration of a DevSecOps environment
- Securing the SDLC
- Experience with any of the following is only a PLUS; NOT mandatory
- Experience in highly regulated/compliance environment
- Familiarity with The Three Levels of Defense Model
- Architecture risk analysis
- BS or MS degree in CS or related field and/or CISSP, CEH, OPST, OPSA, CPSSE, ECSP, GSSP, Certified Security Software Engineer
The company offers full benefits (PPO & HMO) including dental and vision, matching 401K, 3 weeks of vacation, 8 paid sick/personal days, Short/Long Term Disability, Life Insurance, Employee Assistance Program, Wellness Programs, casual dress and flexible work hours that all start upon employment.