Are you a CISO who would like the opportunity to build and
execute a solid enterprise Information Security program with
foundational support from the executive office? This is your
opportunity to make a lasting impact on a strong financial services
Ameritas Life Insurance Corp is seeking aVice President, Chief
Information Security Officer (CISO) who will lead the information
security assessment management activities. The CISO leads the
development and implementation of a comprehensive security program
that leverages collaborations, facilitates information security
governance, advises leadership on security direction and resource
investments, and supports design of appropriate policies to manage
information security risk. The complexity of this position requires
a leadership approach that is engaging, imaginative, and
collaborative, with the ability to work with other leaders to set
the best balance between security strategies and other
At Ameritas , fulfilling life is what we do daily. We
continuously strive to help our customers and employees enjoy life
at its very best by reducing uncertainty, helping grow assets and
protecting what is most cherished. We're here to help people put
worry behind and the future ahead and help enable a life that's
rich in family, happiness, health and financial security. When
lives are fulfilled, our mission is fulfilled.
Serve as the leader of the strategic, comprehensive enterprise
information security through collaboration with technology, risk
management, compliance, and business areas.
Regular reporting and communication to senior leadership and the
Board of Directors on information security risks, best practices
implementation and projects to advance the maturity of the
Serve as subject matter expert on security standards, best
practices and business aligned best practices.
Implement systems to identify, evaluate and monitor information
security risks. Additionally, initiate projects or changes to
ensure the security program matches business risk expectations as
set by the Board and senior leadership.
Ensure that the security program is in compliance with
applicable laws, regulations, and contractual requirements. This
includes maintaining current knowledge on changing regulations
specific to security, identifying appropriate implementation plans,
and ensuring requirements are met.
Responsible for security risk assessment, mitigation and
avoidance including compiling an inventory of information assets,
understanding the threats they face, and identifying appropriate
protections to put in place.
Consult on and provide security review of new technologies and
systems to ensure appropriate security considerations are
Lead, manage, develop, and mentor the security teams including
security operations, vulnerability management, and security risk
management. Oversee and set key performance metrics and other goals
and objectives for these teams.
Responsible for ongoing monitoring of activity including
identification of anomalous events and incidents and execution of
appropriate investigations, resolutions, and responses.
Responsible for vulnerability management program.
Responsible for data loss protection program
Lead the development of up-to-date information security
policies, procedures, standards and guidelines, and oversee their
approval, dissemination, and maintenance.
Oversee the evaluation, selection and implementation of
information security solutions that are innovative, cost-effective,
and minimally disruptive.
Partner with and serve as advisor to IT on proposed changes, new
risks, and other security issues as they arise and help ensure that
technologies are developed and maintained according to security
policies and guidelines.
Maintain annual security & privacy awareness training
Develop business metrics to measure the effectiveness of the
security management program and increase the maturity of the
program over time.
Monitor the industry and external environment for emerging
security threats and advise relevant stakeholders on appropriate
courses of action.
Oversee incident response planning and the investigation of
security breaches, and assist with any associated disciplinary,
public relations and legal matters.
Review investigations after security incidents, including impact
analysis and recommendations for avoiding similar
Partner with Third Party Risk Management to ensure appropriate
security monitoring and oversight related to third parties.
Bachelor's degree in Information Systems (or related degree) or
equivalent work experience required.
10+ years of information security experience directly aligned to
the specific responsibilities for this role.
5+ years management experience including strategy and
influencing senior leadership and stakeholders.
5+ years of strong hands-on experiences and technical depth in
one, or more technology areas, including Data security,
Infrastructure security, Endpoint/Platform security, Distributed
Technologies, Replication technology, Cloud or Application
Prior experience working with external auditors and regulators
as firm representative for cyber security standards.
Experience developing and enforcing an enterprise information
Experience with regulatory requirements and standards frameworks
such as: GLBA, SSAE16, ISO, FINRA, NIST, PCI, HIPAA, NYDFS.
Business continuity planning, IT audit, risk management,
security operations, and managed security services, as well as
contract and vendor negotiation experience.
One or more information security or related certifications
Strong technical skills including a solid understanding of
information technology and information security.
A track record in the successful management of programs and
people, both internal and external, as well as demonstrated complex
program/project/vendor management skills.
Agile, versatile, flexible and the ability to work with
constantly changing/evolving priorities.
Must be a collaborative, articulate and persuasive leader who
can serve as an effective member of the management team.
Ability to communicate security-related concepts to a broad
range of technical and non-technical staff.
Experienced in presenting to senior executives and the Board of