Role: AVP - Cyber Security - Morristown - FTE
- Act as a trusted point of contact for the Vice President of Network & Security Operations on security management, applications, and business units.
- Co-lead the internal Information Security Governance Council.
- Work closely with security leadership overseeing security operations, incident response, application security and infrastructure.
- Oversee implementation and management of cloud security architecture and tools (Azure), the security operations center, and reporting.
- Work closely with the Enterprise Business Continuity Office, Identity Access Management, and IT Risk Management and Compliance teams.
- Be actively informed and engaged in daily security operations.
- Understand and be involved in disaster recovery and business continuity planning, testing and validation.
- Foster strong relationships with internal business units and external entities to maintain a strong network.
- Require security leadership and teams to consistently learn and share advanced knowledge and practices that promote excellence.
- In tandem with the VP of Network & Security Operations, manage the security budget and additional fiduciary responsibilities.
- Advise on enterprise-wide people, process, and technology security recommendations.
- Maintain an up-to-date level of knowledge relating to security threats, vulnerabilities and mitigations set forth to reduce the corporate attack surface.
- Implement a continuous vulnerability assessment and exposure analysis process and align technical teams to address a timeline for remediation and validation across applications and infrastructure.
- Sponsor vendor and technology solution selection, as well as third-party consulting services as needed.
- Require and support independent verification and validation testing of the company networks and data protection through internal team resources and independent consulting engagements.
- In conjunction with security leadership, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver to non-technical teams in terms that are readily comprehensible.
- Build relationships with technical and compliance teams to deliver security-by-design controls that are incorporated into projects, architecture, infrastructure, and applications.
- Stay abreast of new laws, regulations, and standards, and assess their impacts to the business.
- Verify that security content training initiatives, as well as internal and external communications, are conducted regularly.
- Oversee testing and validation of security controls across projects.
Qualifications / Skills:
- At least 10+ years' cybersecurity management experience with at least 8+ years in an operationally focused security practitioner role. Financial Services experience preferred.
- At least 3 years' experience working with business leadership and with some fiscal responsibilities.
- Experience in the evaluation and implementation of industry-standard enterprise offerings from leading information security platforms such as Azure security tech stack, CrowdStrike, Okta, Qualys, Rapid7, Azure Vault, Thycotic, Splunk, Palo Alto, etc.
- Strong written and verbal communication skills across all levels of the organization.
- Ability to work effectively in a high-velocity start-up and growth environment.
- Driven to be a part of a strong, cohesive team and positive enterprise-wide security culture.
- Proven high level of integrity, trustworthiness, and confidence, as well as ability to represent the company and security leadership with the highest level of professionalism.
- Ability to gain and preserve credibility with the team through sustained industry knowledge.
- Ability to motivate the team to achieve excellence, while giving credit and recognition where it is due.
- Applicable knowledge of the Federal Financial Institutions Examination Council's (FFIEC) Cybersecurity Assessment Tool (CAT), EU's General Data Protection Regulation (GDPR), National Institute of Standards and Technology (NIST) standards, California Consumer Privacy Act (CCPA), International Organization for Standardization (ISO) standards, Health Insurance Portability and Accountability Act (HIPAA), New York Department of Financial Services (NYDFS) regulations and frameworks, etc.
- Demonstrated understanding and comprehension of a wide range of cybersecurity solutions.
- Master's or other advanced degree (MBA, information assurance, computer science, etc.) preferred but not required.
- Bachelor's degree in business administration, information assurance or related technical field.
- Preferred, but not required: CISSP, CISM, CRISC, CISA.
If interested, please respond with an updated resume.