Financial Services – Deputy CISO, Canada
About the Company
Located in western Canada, our client is a leader in the financial services industry. With a well-established presence, it proudly serves millions of customers with a myriad of best-in-class products and services.
A well-known employer of choice, our client’s brand extends to superior customer service and experience, both via its extensive brick-and-mortar network and its continually evolving digital capabilities. Technology is expected to play an ever more important role in providing the rich omni-channel experience that customers expect.
Our client now seeks a Deputy Chief Information Security Officer (CISO) to serve a critical role in its operations.
Scope of Position
The objective of the role of the Deputy CISO is to cultivate an environment that attracts, deploys, and retains the human and other resources required to establish and maintain the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Reporting to the Chief Technology Officer, the successful candidate will ensure that the company’s IT security framework, governance, policies, and processes are consistent with the overall corporate goals and objectives.
Functional Tasks
1. Collaborate with key stakeholders to determine acceptable levels of risk in compliance with regulatory requirements.
2. Direct the development of an information security framework, along with the underlying standards, processes, and procedures.
3. Provide guidance and leadership in developing, maintaining, and updating the information security strategy.
4. Develop, implement, and effectively communicate a security awareness program for information security throughout the organization.
5. Ensure appropriate administrative, physical, and technical safeguards are in place to protect the information assets from internal and external threats.
6. Introduce and implement appropriate processes and procedures to test all information security safeguards on a regular basis.
7. Undertake periodic reviews and audits, as required, engaging both internal business partners and external resources.
8. Ensure that disaster recovery and emergency operating procedures are in place and tested regularly.
9. Provide leadership and oversight for the design and implementation of all security incident and vulnerability management processes.
10. Provide oversight and guidance in:
    o performing ongoing security monitoring of information systems, including assessing information security risk through qualitative risk analysis on a regular basis;
    o conducting functional and gap analyses to determine compliance with statutory and regulatory requirements;
    o evaluating and recommending new information security technologies and counter-measures against threats to information or privacy, and developing security reports and dashboards.
11. Develop and sustain alliances with appropriate industry associations to benchmark best practices.
12. Establish guidelines to understand and mitigate potential risks involved in the loss of intangibles (reputation).
Competency Profile
The following competencies define the role of Deputy CISO:
Integrity & Sincerity
Inspires trust and supports others through authenticity and following up on commitments. Maintains high ethical standards both personally and professionally.
Results Orientation
Aims to improve upon past performance. Conveys a sense of urgency and drives issues to closure.
Adaptability
Can alter own perspective and behavior in order to adjust to changing demands and plans. Open to change and readily adopts new methods.
Strategic Approach
Able to stand back from immediate problems to focus on more far-reaching ideas. Develops a strategic plan to realize the vision.
Innovation
Brings various perspectives and approaches together, combining them creatively to implement effective improvements.
Team Skills
Balances personal goals with those of the team. Fosters collaboration among team members.
Preferred Experience / Education
The following indicates specific industry, academic, and functional experience/qualifications that are important to the successful achievement of the identified responsibilities:
1. A minimum of 15 years of information security experience with at least 3-5 years related to IT security architecture.
2. A positive and participative leadership style with an ability to earn the trust and support of all levels of senior management.
3. A strategically oriented individual with superior communication and interpersonal skills.
4. A minimum 4-year undergraduate degree with an industry-recognized IT security designation (CISSP, CISA, or CISM).
5. Prior experience in the financial services industry is strongly preferred.
6. Experience with policy compliance tools and control processes.