Vice President of Information Security

Position Description :

We are recruiting a VP of Information Systems for a full time position. This role is an executive level role which will report onsite daily in the company headquarters in Norwalk, CT.

Position Overview:

This role will be responsible for all our business' information security, risk, and compliance activities. This role will report to the SVP, Information Technology, with visibility and accountability to our executive leadership team and customers. Constant collaboration with the larger technology organization is crucial and uphold proper compliance and separation concerns.

This position will oversee the compliance and Governance function which leads the organization's IT compliance, governance, business continuity planning (BCP), and business impact analysis (BIA) initiatives working with cross-functional teams, including IT, legal, risk, internal audit, and business continuity teams to implement and maintain effective IT governance frameworks, ensure compliance with regulatory obligations, and maintain robust business continuity practices.

Key to this role is the assessment and oversight of all technology-related compliance issues across the organization including information security, privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company's compliance with regulatory, organizational, and commercial requirements governing the organization's information technology systems.

This role will also direct and/or influence the development and implementation of policies, procedures, and controls to ensure that the organization's security and audit compliance remain in line with applicable laws, industry standards, etc. In this role, you will work directly with non-IT compliance professionals such as finance, marketing, legal, audit and corporate compliance to ensure organizational alignment.

Responsibilities:

• Assess our development and operation environments to identify risks and gaps related to information security, including potential data breach risks.
• Define, champion, and execute the overall corporate IT security strategy, roadmap, and governance structure with the buy-in from operational and business stakeholder.
• Implement all IT security, data breach, and regulatory compliance programs including legal requirements, industry regulations, and best practices.
• Develop corporate information security and risk policies, training and education. Provide managerial and technical guidance on the development of information security policies, guidelines, standards, procedures, and responsibility designations.
• Ensure business requirements include security requirements, and are aligned with and support security mission, policies and procedures and their relationship to security, privacy and compliance requirements.
• Oversees security incident response planning and participates in the investigation and reporting of security breaches.
• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, legal management, internal/external auditors, etc.
• Coordinate security readiness activities in concert with the VP of IT Infrastructure to include penetration testing (internal and external), communications networks, voice and voice recording systems, etc.
• Coordinate audit-related tasks such as ensuring the readiness of IT VP's and their organizations for audit testing and facilitating the timely resolution of any audit findings.
• Manage the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization.
• Assist business and IT VPs with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.
• Conduct vendor assessments and audits for evaluation and tracking of risk.
• Present annually before the Board, or as necessary.
• Ensure all patches and upgrades to security are monitored and implemented.
• Develop and management of the CISO team.

Essential Functions:

Job Requirements:

• Bachelor's degree in business administration or a technology-related field, or equivalent work or education-related experience.
• Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.
• Minimum of 15 years of experience in a combination of risk management, information security and Engineering roles. At least 4 years in a senior leadership role.
• Relevant experience managing security for companies that leverage cloud technologies and / or offer platform as a service (PaaS) with security commitments to customers and partners.
• Relevant experience working in the payment industry with a deep understanding of regulatory frameworks such as ISO, PCI DSS, NIST, COBIT, etc.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
• Must be able to effectively liaise with internal direct reports and senior management as well as internal customers, clients, partners and stakeholders.
• Proven track record and experience in developing information security policies and procedures.
• Must be a critical thinker, with strong problem-solving skills.
• Strong project management, financial/budget management, scheduling and resource management skills.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Work with corporate legal and compliance representatives to identify all related IT compliance requirements (i.e., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions.
• Ensure all related IT compliance policies are updated, based on any relevant regulatory changes or new laws.
• Create a regulatory change management process that identifies and coordinates the modification of related technological functions, business processes and/or compliance controls.
• Conduct necessary IT compliance control monitoring and testing activities to determine the effectiveness of the controls.
• Remediate IT compliance control deficiencies.
• Coordinate the investigation of any potential unlawful or fraudulent action related to IT compliance, such as the intentional release of privileged information or a related security breach.