VP, Security Operations

Responsible for overseeing all aspects of 24/7 security operations capability, including leading FOACs efforts to prevent, detect, and respond to cyber threats and systematically reduce vulnerabilities across the FOAC enterprise. Provides strategic direction and vision, implements scalable and efficient policies, processes, and reporting systems, and ensures quality and consistent delivery that meets internal and external requirements. Leads and manages resources across multiple security programs including, but not limited to security operations, vulnerability management, threat intelligence, incident response, and cyber services management. Supports the enterprise strategy through long-range planning and objectives, security budget management, vendor selection, and delivery results.

EXPECTATIONS

• Leads the overall strategy, execution and roadmaps of the Security Operations (SecOps) Program to include staffing, budgeting and security tooling selection.

• Leads development, implementation, and maintenance of information systems to ensure best practice control objectives are achieved in protecting information assets.

• Drives compliance and risk initiatives to build awareness of, and compliance with, SOX IT General Controls and FFIEC best practices.

• Manages projects to design, implement, and monitor a strategic, comprehensive information security vision and strategy that is aligned to organizational priorities and enables the organization's business objectives.

• Establishes and implements a process to identify, respond, contain and communicate suspected or confirmed incidents to ensure the protection of corporate IT assets, intellectual property, regulated data, and the company's reputation.

• Directs a targeted information security awareness training program for all employees, contractors, and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences.

• Manages development of an information security framework based on National Institute of Standard and Technology (NIST) Cybersecurity Framework (CSF) and other industry best practices.

• Contributes to the publication of information security policies, standards, and guidelines.

• Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the Security Operations Program, and reviews it with stakeholders as appropriate.

• Communicates Vulnerability Management (VM) goals and Security Operations goals, vision and strategy across Finance of America Companies.

• Creates the internal networks among the information security team and line-of-business executives, compliance, audit, legal, technology, and HR management teams to ensure alignment.

• Establishes, implements, and improves capabilities and processes to identify, respond, remediate, and communicate suspected or confirmed presence of vulnerabilities to ensure the protection of corporate IT assets, intellectual property, regulated data, and the company's reputation.

• Develops external Enterprise Security (ES) partnerships to push VM, ES, and FOAC objectives forward.

• Leads a team of skilled Offensive Security Engineers in carefully planned and coordinated offensive engagements against the organization's infrastructure, applications, and services.

• Provides technical expertise and guidance to team members, encouraging the successful execution of duties, documentation, and communication of findings to partner teams.

• Performs other duties as assigned.

Qualifications

QUALIFICATIONS - EDUCATION - REQUIRED

Bachelor's degree

QUALIFICATIONS - EDUCATION - PREFERRED

Master's Degree

QUALIFICATIONS - EDUCATION - FIELD(S)/PROFESSION(S)

Computer Science, Information Security, Management of Information Systems or related field

QUALIFICATIONS - EXPERIENCE/SKILLS/COMPETENCIES

• Minimum of eight years of experience in information security, risk management, security operations, and information technology fields, with 5 years of progressive management experience.

• Minimum five years of experience in progressively senior leadership roles.

• Demonstrated senior corporate leadership experience, ideally in building programs across a diversified organization preferred.

• Knowledge of technologies underpinning the lending process and technology industry trends.

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate action(s).

• Highly motivated with an ability to manage open-ended challenges, take initiative, work autonomously, and drive projects forward to completion.

• Ability to present complex material in an easily understandable format (written or oral) and communicate effectively across groups, including executives, with varying levels of technology knowledge.

• Proven ability to prioritize effectively, manage multiple matters, and meet deadlines.

• Comfortable working amidst structural uncertainty to bring order and process where there is none.

• Knowledge of key U.S. laws and regulations relating to financial services technology and cybersecurity.

• Knowledge of a wide range of technologies and how to best leverage them at enterprise scale to achieve strategic objectives that drive enterprise business outcomes.

• Proven project management experience with excellent analytical/problem solving skills.

• Experience managing large budgets and identifying cost efficiencies.