Information Security Leader – Flexible

About the job

At Equitable, our power is in our people.

We’re individuals from different cultures and backgrounds. Those differences make us stronger as a team and a force for good in our communities. Here, you’ll work with dynamic individuals, build your skills, and unleash new ways of working and thinking. Are you ready to join an organization that will help unlock your potential?

Information Security Leading IV

The individual handling this role must ensure assurance, 3rd party and other assessments are planned, conducted, reviewed and managed to minimize risk exposure and risk impacts to the business. The Director’s responsibility is to anticipate, identify, monitor and mitigate information security risks. This will include assessing the company’s IT projects, controls, as well as potential/existing vendors for compliance to the company’s policies. In addition, this role is tasked with compiling data and completing documentation related to the risk/issues identified, as well as ensuring that they are appropriately captured, assessed and mitigated to acceptable levels. The Director must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. This role will be part of Office of the Chief Information Security Officer (CISO), reporting to the Director of Information Security Management.

Description Of Responsibilities

  • Work closely with Corporate Sourcing and Procurement in coordinating the classification and tiering of vendors by risks and risk impacts
  • Develop, monitor and possibly execute vendor remediation actions and mitigation plans when risks or events are identified
  • Review vendor regulatory compliance
  • Influence vendors and business partners to ensure compliance with the organization’s risk management policies
  • Collaborate as appropriate with information security, compliance and/or disaster recovery and business continuity management to maintain an enterprise risk management program
  • Coordinate the gathering of vendor risk assessment data and prepare risk assessments for critical-related vendors as needed, to be published and communicated to stakeholders
  • Plan and conduct information security assessments
  • Monitor and advise on information security issues related to information assets, data systems, information workflows to identify and mitigate security risks
  • Review projects for compliance to information security requirements
  • Coordinate the gathering of vendor, assurance and other assessment data and prepare reports for submission to management
  • Meet with senior leadership and executive management to discuss issues identified and partner closely with IT and the business on remediation activities
  • Collect metrics on the status of issues and due dates and report to senior leadership regularly to ensure timely remediation
  • Build communication and escalation plans around vendor risk management and assurance activities within the enterprise
  • Participate in annual audits and other data security reviews as needed
  • Serve on various IT committees and working groups as appropriate
  • Plan and execute upon the multi-year strategy to continue maturing your organization considering the evolving threat landscape
  • Determine and communicate budget requirements for your organization based on the multi-year strategy
  • Develop and coordinate policies and processes for your organization, keeping in line with the broader enterprise, operational and IT risk management model
  • Work with regulatory officers and auditors as necessary
  • Communicate identified risk requirements and violations to internal stakeholders (and end users within the business), as well as vendors while supporting the response to and addressing of these issues
  • Responsible to meet or exceed all goals and key performance indicators (KPIs)
  • Maintain a calm demeanor and manage issues professionally and respectfully
  • Act with integrity and trust, modeling behavior that respects our employees, peers and customers in accordance with the core values of our company

Skills To Be Successful

Agile Methodologies: Knowledge of concept and principles of agile methodology; ability to apply appropriate agile approaches in the processes of software development and delivery.

Confidentiality: Knowledge of practices and policies governing disclosure of information about the organization, its business activities, and employees; ability to apply this knowledge appropriately to diverse situations.

Industry Knowledge: Knowledge of the organization’s industry group, trends, directions, major issues, regulatory considerations, and trendsetters; ability to apply industry knowledge appropriately to diverse situations.

Information Security Management: Knowledge of the processes, tools and techniques of information security management; ability to deploy and monitor information security systems, while detecting, controlling and preventing violations of IT security.

IT Governance: Knowledge of the accountability framework and processes used to encourage proper behavior in IT activities and operations; ability to implement IT systems and controls to meet business needs and requirements.

Diversity, Equity and Inclusion: Demonstrates a commitment to Diversity, Equity and Inclusion by treating everyone with respect and dignity, ensuring all voices are heard and advocating for change.

Additional Qualifications

  • Bachelor’s degree Required
  • A minimum of ten years of experience in managing risk and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation and remediation of risks
  • Technical background or demonstrable understanding of a range of operational and IT risks and operations
  • Strong business background; experience gathering and interpreting risks and associated impacts in context of financial and operational concerns
  • Strong understanding of complex audit and vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits

About Equitable

At Equitable, we’re a team of over ten thousand strong; committed to helping our clients secure their financial well-being so that they can pursue long and fulfilling lives.

We turn challenges into opportunities by thinking, working, and leading differently – where everyone is a leader. We encourage every employee to leverage their unique talents to become a force for good at Equitable and in their local communities.

We are continuously investing in our people by offering growth, internal mobility, comprehensive compensation and benefits to support overall well-being, flexibility, and a culture of collaboration and teamwork.

We are looking for talented, dedicated, purposeful people who want to make an impact. Join Equitable and pursue a career with purpose.

Equitable is committed to providing equal employment opportunities to our employees, applicants and candidates based on individual qualifications, without regard to race, color, religion, gender, gender identity and expression, age, national origin, mental or physical disabilities, sexual orientation, veteran status, genetic information or any other class protected by federal, state and local laws.

NOTE: Equitable participates in the E-Verify program.

If reasonable accommodation is needed to participate in the job application or interview process or to perform the essential job functions of this position, please contact Human Resources at (212) 314-2211 or email us at TalentAcquisition@equitable.com.

Primary Location

UNITED STATES-NC-Charlotte

Other Locations

UNITED STATES-NY-SYRACUSE

Organization

Equitable

Schedule

Full-time

More Information

Apply for this job

Leave your thoughts

Share this job