Vice President of Security Risk

The Vice President of Security Risk provides leadership and direction to the Security Risk management organization and is recognized as a trusted advisor to senior executives on information security and risk management matters. The VP leader will be accountable for the performance and results of the Security Risk Management, Security Risk Operations, Security Risk Product, and Security communications teams. In this capacity the leader must set functional strategies related to program delivery and provide oversight of functional business plans, development, and deployment of Security Risk services.

What You’ll Do

• Risk Management:
• Develop and implement a comprehensive security risk management framework that includes threat assessment, vulnerability assessment, and risk mitigation strategies
• Identify, assess, and report security risks across the organization
• Develop and implement global security risk management policies, guidelines, and procedures
• Work with senior management to establish security risk tolerance levels and implement risk management strategies to mitigate and manage risk within those tolerances.

• Risk Operations:
• Oversee risk management operations, including a risk register, risk analysis, and risk treatment
• Monitor and assess the effectiveness of risk management activities
• Manage Client Inquiry response team, automaton, and artifact delivery platforms
• Assesses and Manage risk with third-party vendors and other counterparties
• Define, deploy & monitor enhanced social engineering risk techniques and simulations

• Risk Product Development:
• Develop and maintain a suite of risk management products and services to address the organization's security risk profile
• Develop and implement a roadmap for ongoing development and improvement of risk management products and services
• Work with internal stakeholders to ensure that risk management products meet their needs.

• Communications & Awareness:
• Provide regular reports to senior management and Board of Directors on the status of security risk management activities and progress against risk mitigation strategies
• Work with internal & external stakeholders to communicate security risk management strategies
• Manage workforce communication strategy to drive security awareness & a Security First culture
• Develop, and maintain Annual, New Hire, Regulatory and role-based Security education
• Represent the company in external forums related to security risk management.
  

What Experience You Need

• 10 years of experience managing and leading key security staff and programs.
• Knowledge and experience of the key security areas described above: Risk Management, Risk Operations, Risk Product Development, Risk Communications & Awareness
• Strong experience in a matrixed environment, supporting multiple business lines and contributing to and collaborating with an international organization.
• Strong evidence of being able to balance risk and control requirements while appreciating commercial goals
• Strong foundational understanding of secure software engineering principles and cloud security controls. Experience with any cloud service offerings (Google, AWS , Azure)
• Proven understanding of security controls and technologies including but limited to SIEM, DLP, WAF, IPS, and firewalls.
• Well versed in compliance and security standards and guidelines including: SOX, NIST, CIS, ISO 27001/2, PCI DSS, Cyber Essentials and other relevant regional regulations.
• Holding one or more professional qualifications such as CISSP, CISM, CISA, CCSP, PCI-ISA
  
  

What Could Set You Apart

• High self-motivation and ambition; conscientious work ethic, high standards, and keen attention for details. Beyond mere compensation, seeks learning, experience, and the career growth that naturally accompanies these.
• Articulate, well-spoken, and well-written as befits a senior customer service role. Able to interact with all stakeholders at the highest level of professionalism and service.
• Solution-oriented, willing to do whatever it takes to deliver a complete solution to our customers. When a handoff is appropriate, exemplary coordination and communication.
• Effective at networking, building long-term relationships where outcomes are achieved by goodwill and consensus rather than through direct management power.
• High integrity and an “engineer’s mindset” of doing complete, quality work -- but tempered when necessary with a business mindset and smart pragmatism.