Information Security Officer- Avp

Information Security Officer

Part of a team responsible for ensuring the security of the business and functional teams in line with company security policy and risk tolerances.

Other key relationships:

- Information Security Officers
- Business and Functional Technical Leaders
- Cyber Transformation Office
- Collaboration with 3LOD - Compliance, Risk Management, Corporate Audit
- Regional CISO

What you will be responsible for
- Consistent and effective engagement with Information Technology and Business leadership to embed security into their strategic and tactical plans.
- Champion the Information Security mandates acting as a liaison between Global Cyber Security org and Business Units.
- Addressing security and risk posture within the BUs.
- Being a Trusted Security Adviser to the BU Leadership team.
- Cross pollinating information risk management practices across to the BU as a standard practice.
- Serve as an informed liaison between the Global Cyber Security org and BU.
- Assist in the development and successful outcomes of Security KPIs that drive control effectiveness.
- Directly support assessments within the ISO's individual BU.
- Participate in TPRM assessment for assigned BU.
- Create ambassadorship programs down in the business to ensure security is a partnership.
- Stay up to date on present and emerging security trends.

Key Responsibilities
- Actively promote and deliver on the ISO program and its mission.
- Collaborate with Global Cyber Security and business partner teams to ensure alignment addressing security policies in their products and services.
- Create visibility through effective metrics and reporting.
- Participate actively in decision making with engagement management and seek to understand the broader impact of current decisions.
- Create and deliver effective presentations as a means for communicating project and deliverable progress.
- Build and nurture positive working relationships with clients with the intention to exceed client expectations.
- Ability to give presentations at all levels and diverse audiences.
- Work cross-functionally with team members to support and enhance collaborative environment.
- Positioning security within the business with the ability to communicate in non-technical terminology.
- Manage the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments.
- Partner with BU Leadership to identify, evaluate, and address cyber security risks.
- Ensures and monitors security compliance with industry and government rules and regulations.
- Coordinates with technology and business groups to assess, implement, and monitor IT-related security risks.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- Report security performance against established security metrics.
- Promote information security awareness program to ensure staff members across the organization understand the trade-off between risk and return.
- Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns by end users so that policy can align with need.

Desired Outcomes
- Operate as the primary intake point for BU and Global Cyber Security communication.
- Delivery of effective security outcomes that drives improvements of security within the business.
- SMART mechanisms that symbolize success of Security adoption within the BUs.
- Development of Forum based security communication channels.
- Reach target KPI success metric goals.
- Operate at the CIO dotted line level.

Critical Leadership Capabilities
- Driving results
- Strategic Thinking
- Collaborating & Influencing
- Change Management
- Senior Executive communication

Education & Preferred Qualifications
- 7+ years of experience in information security, preferably in a risk management capacity.
- Project Management experience leading small and medium sized teams to successful completion.
- Modern technical understanding and experience developing and implementing innovated techniques to delivering cost efficient security solutions.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans, or behaviors
- Ability to react to high pressure dynamic changing environments
- Preference not Mandatory : Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM)
- Highly regulated environment experience, preferably financial services.
- Bachelors degree in a technical field