Chief Information Security Officer

Veolia - Paramus
new offer (07/05/2024)

Job Description
Position Purpose
Implement and maintain an information security program covering the entire organization. Evaluate risks, threats and consequences in order to establish an appropriate prevention plan. Establish policies and standards as necessary for governance of the information security program. Serve in an advisory role and provide support, information, training, and alerts to other departments.
Primary Duties / Responsibilities
Lead the Enterprise Information Security Group. Drive the design and execution of the information security strategy, working in partnership with various key stakeholders (Risk Management, Technology, Legal, Human Resources, Lines of Business Management, etc.).
Serve as the senior spokesperson for information security, including communicating key issues, risks, and progress to governance committees, business executives, Regulators, and the Board of Directors.
Build and Lead the Information Security Steering Committee.
Monitor and measure progress and highlight/escalate issues.
Build, retain and develop a team of top cyber security talent.
Design and operate a Security Operations Center to promptly identify and respond to security issues/anomalies. Execute and maintain response processes to ensure timely response to detected cybersecurity events. Contain and mitigate incidents and newly identified vulnerabilities.
Build and run a risk assessment program that includes comprehensive technical assessments of applications and infrastructure, penetration tests, and security architecture assessments. Ensure the provision of data security subject matter expertise to project teams to ensure early identification of data security requirements. Categorize and prioritize assessment risks for remediation.
Design and run an information security metrics/reporting program. In addition, produce information security reports as required, including Regulatory reports.
Ensure readiness for regulatory and internal audit examinations. Respond to inquiries in a timely manner and ensure suitability and timely execution of corrective action plans.
Build and run training and awareness programs to educate and alert staff, third parties, and clients to key risks and the behaviors and actions required to mitigate risks.
Build strong and effective relationships with key staff and support initiatives to advance information security capabilities.
Actively engage with industry associations and develop industry relationships. Stay abreast of evolving threats/risks.
Oversee the Enterprise Information Security Group’s projects and guide the projects to on-time and on-budget delivery. Ensure transparency of key project risks.
Serve as the owner of the information security policy and oversee the policy exception management process. Evolve policy and standards to account for new technologies, changing regulations, threats, and risks.
Contribute to the leadership team's success by influencing decisions, leading, and supporting initiatives.
Conduct career planning with assigned staff.
Mentor staff members to ensure that their goals align with BU/Domain goals and that the staff members are growing.
Execute projects in Agile (or at appropriate times Waterfall) methodologies.
Function as PM or Scrum Lead to ensure projects are delivered on time and on budget, with the desired outcomes.
Implement analytics to measure and ensure adoption, taking corrective action when required.
