VP Security/Compliance & Risk Management

BASIC PURPOSE:

The primary responsibility of the Vice President , Security, Compliance & Risk Management (SCR) is leading the SCR function. This includes research, selection, standards, and implementation planning for all SCR initiatives. The VP will have overall responsibility for a comprehensive security program that includes information security policies, compliance, and governance, and will investigate, plan, and facilitate the implementation of security & compliance policies/procedures to address regulatory and both internal and external audits. The VP will be responsible for coordinating the response to the external audits of IT, track internal and external audit status, and provide reports to senior management of system activity related to audit status and other risk related items, as well as be responsible for developing and implementing a corporate culture of compliance and information security.

ESSENTIAL FUNCTIONS:

• Provide leadership and resource development for the compliance security and risk management group.
• Establish objectives and provide work direction to team members.
• Provide project management leadership and coordinates SCR project activities across the IT organization.
• Lead design to inspire continuous process improvement in the compliance, quality assurance and security efforts for the organization.
• Work closely with infrastructure & app development teams to streamline business processes.
• Work closely with the infrastructure team to enable the implementation, monitoring and response to SCR Policies.
• Work closely with General Counsel and external counsel.
• Create and maintain a strong relationship with appropriate law enforcement agencies such as the FBI and the US Treasury.
• Coordinate with management on business growth and security risk mitigation to introduce new technology.
• Build strong relationships with key stake holders and convey the Company's technical regulatory/ audit competencies during external audit and legal interactions.
• Ensure that security & compliance strategies, policies, and implementations are well designed.
• Investigate and identify security solutions and production standards for IT.
• Determine medium and long-term security compliance and risk management strategy and applies it across all areas of employee process and vendor management initiatives.
• Complete security audits on a periodic basis.
• Plan and expand current service offerings.
• Provide management with detailed root cause analysis of all system level business disruptions.
• Perform other job-related duties as required.

QUALIFICATIONS:

• Successful establishment and management of audit, security quality and compliance teams
• Strong understanding of management principles, practices, and procedures
• Broad range of technical IT compliance/audit experience with a proven technical project management and process improvement background.
• Minimum 10 years working in an IT organization in a Compliance Role
• Graduate level degree in a related field strongly preferred.
• Strong experience in Open Systems, Internet and network security products and platforms, including intrusion detection/prevention, incident response and investigation, vulnerability assessments, data loss prevention, and penetration testing.
• Thorough understanding of security requirements of Sarbanes-Oxley, ISO Certifications, COBIT, NIST and Data Privacy Laws
• Strong Experience with business continuity/disaster recovery auditing and remediation testing
• Proven track record leading the Change Advisory Board
• Working knowledge with OneTrust, Microsoft WSUS and System Center
• Excellent communication skills - verbal, written and presentation ability required.
• Active membership in InfraGard preferred.