Our client is seeking a hands-on and forward-thinking individual to be their Director of Information Security & Compliance. This role will be responsible for leading and overseeing the company's information security governance program. This position demands deep technical knowledge and skills to actively assess and test the adequacy of the technical security architecture as a key component of the role.
Reporting to the Chief Risk Officer (CRO) and collaborating closely with key technology stakeholders, this role will develop and implement comprehensive information security governance strategies, policies, and procedures. These efforts will ensure that the organization's information assets (including internal data, devices, SaaS platforms, customer PII, and third-party interfaces) are monitored, controlled, and safeguarded in alignment with regulatory requirements for financial services companies.
Key Responsibilities
Information Security Governance
- Create, implement, and oversee the company's information security governance plan and program to establish a strong information security risk posture aligned with the CRO's vision and the company's current and future needs.
Information Risk Management
- Perform information risk inventories and assessments to prioritize cyber and information security audits.
- Identify and assess security risks through testing and controls evaluation.
- Develop strategies to mitigate risks, monitor progress, and make remediation recommendations to management and executive leadership.
Policies and Procedures Development
- Establish and enforce information security policies, standards, guidelines, and procedures.
- Collaborate with stakeholders to monitor compliance and provide training, mentorship, and recommendations for improvements.
Security Monitoring and Reporting
- Actively monitor security exception reporting and practices within the information security architecture.
- Oversee open items in the MS Azure environment, including cloud-based controls, secure coding practices, application development adherence to SDLC, and Vanta platform administration.
Incident and Business Resumption Response
- Evolve security incident, business continuity, and disaster recovery processes in collaboration with the CRO and CTO.
- Participate in annual compliance testing and develop federally compliant customer notification processes.
Compliance and Regulatory Alignment
- Manage the company's information security posture within applicable regulations (e.g., NCUA, FDIC).
- Prepare for PCI DSS 4.0 and SOC II reviews.
- Create a CIS18 v8 framework within Vanta and ensure compliance with laws and regulations such as CCPA, TCPA, GLBA, and industry standards like FFIEC and ACET.
Vendor Management
- Evaluate and manage third-party vendors and service providers from an information security perspective to ensure compliance with security requirements.
Leadership
- Collaborate with the CRO and key stakeholders to assess and address information security risks while aligning solutions with strategic initiatives.
- Stay ahead of emerging threats and technologies to continuously improve the security posture.
- Co-chair the Information Risk Committee with the CRO to implement effective governance practices.
Skills and Experience
Required:
- 10 years of experience in senior management, with at least 5 years in a senior information security leadership role.
- Deep technical knowledge of IT operations, controls, and cloud-based environments, particularly MS Azure.
- Experience in a regulated industry such as financial services.
- Background in information technology audit and testing.
- Proven ability to lead, motivate, and manage complex relationships, teams, and projects.
- Strong analytical and problem-solving skills for addressing security challenges.
Preferred:
- Working knowledge of regulations such as NCUA, FDIC, FFIEC, ACET, and NIST.
- Certifications such as CISA, CISSP, or CISM.
- Membership in ISACA or IIA.
- Bachelor's degree in information technology, business, or a related field.
- Ability to be on-site in Paoli, PA 2-3 days / week.
- Candidate must be local to the Malvern, PA area.