Chief Information Security Officer

Company: Ameritas
Location: Lincoln
Posted on: September 12, 2020

Job Description:

Are you a CISO who would like the opportunity to build and execute a solid enterprise Information Security program with foundational support from the executive office? This is your opportunity to make a lasting impact on a strong financial services organization.

Ameritas Life Insurance Corp is seeking aVice President, Chief Information Security Officer (CISO) who will lead the information security assessment management activities. The CISO leads the development and implementation of a comprehensive security program that leverages collaborations, facilitates information security governance, advises leadership on security direction and resource investments, and supports design of appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with the ability to work with other leaders to set the best balance between security strategies and other organizational priorities.

At Ameritas , fulfilling life is what we do daily. We continuously strive to help our customers and employees enjoy life at its very best by reducing uncertainty, helping grow assets and protecting what is most cherished. We're here to help people put worry behind and the future ahead and help enable a life that's rich in family, happiness, health and financial security. When lives are fulfilled, our mission is fulfilled.

Essential Functions

Serve as the leader of the strategic, comprehensive enterprise information security through collaboration with technology, risk management, compliance, and business areas.

Regular reporting and communication to senior leadership and the Board of Directors on information security risks, best practices implementation and projects to advance the maturity of the program.

Serve as subject matter expert on security standards, best practices and business aligned best practices.

Implement systems to identify, evaluate and monitor information security risks. Additionally, initiate projects or changes to ensure the security program matches business risk expectations as set by the Board and senior leadership.

Ensure that the security program is in compliance with applicable laws, regulations, and contractual requirements. This includes maintaining current knowledge on changing regulations specific to security, identifying appropriate implementation plans, and ensuring requirements are met.

Responsible for security risk assessment, mitigation and avoidance including compiling an inventory of information assets, understanding the threats they face, and identifying appropriate protections to put in place.

Consult on and provide security review of new technologies and systems to ensure appropriate security considerations are addressed.

Lead, manage, develop, and mentor the security teams including security operations, vulnerability management, and security risk management. Oversee and set key performance metrics and other goals and objectives for these teams.

Responsible for ongoing monitoring of activity including identification of anomalous events and incidents and execution of appropriate investigations, resolutions, and responses.

Responsible for vulnerability management program.

Responsible for data loss protection program

Lead the development of up-to-date information security policies, procedures, standards and guidelines, and oversee their approval, dissemination, and maintenance.

Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.

Partner with and serve as advisor to IT on proposed changes, new risks, and other security issues as they arise and help ensure that technologies are developed and maintained according to security policies and guidelines.

Maintain annual security & privacy awareness training program

Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time.

Monitor the industry and external environment for emerging security threats and advise relevant stakeholders on appropriate courses of action.

Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.

Review investigations after security incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.

Partner with Third Party Risk Management to ensure appropriate security monitoring and oversight related to third parties.

Experience

Bachelor's degree in Information Systems (or related degree) or equivalent work experience required.

10+ years of information security experience directly aligned to the specific responsibilities for this role.

5+ years management experience including strategy and influencing senior leadership and stakeholders.

5+ years of strong hands-on experiences and technical depth in one, or more technology areas, including Data security, Infrastructure security, Endpoint/Platform security, Distributed Technologies, Replication technology, Cloud or Application Security.

Prior experience working with external auditors and regulators as firm representative for cyber security standards.

Experience developing and enforcing an enterprise information security program.

Experience with regulatory requirements and standards frameworks such as: GLBA, SSAE16, ISO, FINRA, NIST, PCI, HIPAA, NYDFS.

Business continuity planning, IT audit, risk management, security operations, and managed security services, as well as contract and vendor negotiation experience.

One or more information security or related certifications preferred.

Strong technical skills including a solid understanding of information technology and information security.

A track record in the successful management of programs and people, both internal and external, as well as demonstrated complex program/project/vendor management skills.

Agile, versatile, flexible and the ability to work with constantly changing/evolving priorities.

Must be a collaborative, articulate and persuasive leader who can serve as an effective member of the management team.

Ability to communicate security-related concepts to a broad range of technical and non-technical staff.

Experienced in presenting to senior executives and the Board of Directors.

Keywords: Ameritas, Lincoln , Chief Information Security Officer, Other , Lincoln, Nebraska