Protecting the integrity, availability, and confidentiality of customer and employee information, IT infrastructure, and business intellectual property is a key role at Elevate. The life-blood of Elevate is its customers and the data, along with the IT infrastructure and systems that process and store customer data. The CSO role protects these areas and the business’ intellectual property through the application of security best practices via policy creation, policy enforcement, user education, and vulnerability assessment. The CSO is also responsible for physical security and all governance, compliance and risk aspects of information and physical security. This position reports to the Chief Information Officer and partners with the Board Risk Committee, the executive team, Enterprise Technology (ET) department leadership, general staff, partners and vendors on a regular basis.
Principal Duties and Responsibilities:
Oversee and coordinate security efforts across the company, including enterprise technology, human resources, legal, facilities management, compliance, risk management, audit, and other groups.
Serve as the primary point of contact regarding all security matters and be responsible for setting direction for the information security program (ISP), identifying security initiatives and standards, as well as taking responsibility for execution.
Work with the ET leadership team to implement an overall security program, including programs for the physical safety of employees and visitors.
Identify goals, objectives, and security strategies consistent with achieving the corporate strategic plan.
Manage the development and implementation of an industry standard risk framework, global security policy, standards, guidelines, and procedures to ensure ongoing maintenance of security.
Implement and manage physical asset protection, workplace violence prevention, physical access control systems, and video surveillance infrastructure.
Oversee network security architecture, network access and monitoring policies.
Implement and drive employee security education and awareness programs.
Work with senior management and ET personnel to design and develop effective disaster recovery and business continuity plans.
Maintain relationships with local, state, and federal law enforcement and other related government agencies.
Oversee security incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
Work with outside consultants and vendors as appropriate for independent security audits.
Facilitate the handling of internal and external ET audit requests.
Develop and implement an ongoing risk assessment program targeting information security and privacy matters, recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
Keep abreast of latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to Elevate and its mission.
Develop annual budget recommendations for security related capital and operational expenses, training, and staff needs.
Ensure a strong application security program, including vulnerability management, security testing, and developer education, that is integrated into the SDLC process.
Experience and Education:
Bachelor’s degree in computer science, information security, or related area; advanced degree preferred.
10+ years’ experience working in an information security related field.
Proven leadership skills, including effective oral and written communication, staffing, resource utilization, performance management, issue resolution, negotiation, vendor management, motivating others, forecasting, and planning.
Professional experience in financial services and e-commerce strongly preferred but not required.
CISSP certification or equivalent strongly preferred.
Demonstrated understanding of information system architectures and evolving technology.
Demonstrated ability to perform information security operation (ISO) functions in a financial institution, or similarly regulated financial vertical environment.
Understanding of strategic direction and goals of the business and how to intertwine security needs with goals and objectives of the organization.
Ability to establish a vision for global and individual business security programs, and to build support for their implementation and ongoing development.