SVP, Chief Security Officer

Company Description

Zayo provides mission-critical bandwidth to the world’s most impactful companies, fueling the innovations that are transforming our society. Zayo’s 133,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo’s communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.

The SVP, Chief Security Officer is a key member of the CIO staff and Zayo Senior Leadership Team (SLT), working across a broad set of business and technology stakeholders to define, design and execute the business’s overall security strategy.

The Chief Security Officer is responsible for the organization’s Global Security Program including, but not limited to, daily operations of the Company’s security program; oversight of annual and ongoing risk assessment processes; development, implementation, and maintenance of policies and procedures; ensuring the confidentiality, integrity and access of electronic protected information; monitoring of program compliance; and investigation and tracking of incidents and breaches in compliance with federal and state laws. This role oversees the design and implementation of preventative security standards, procedures, and programs, and provides guidance and facilitation for business practices across the company. This role is also responsible for reporting program results of company security to the Audit Committee, Audit Chair and Board of Directors in partnership with the CIO.

Responsibilities

  • Set vision and strategy for Information Security and ensure that the company has a consistent vision and operational focus for all security related practices at Zayo.
  • Lead team of information security professionals to develop and implement information, product and physical security strategy.
  • Supports ensuring information security requirements are embedded by design in new and changed services and technology through close collaboration with information technology and product and technology.
  • Develop strong partnership with Executive Leadership across the business along with teams in sales, marketing, operations and product and technology to support the creation of products and services that deliver on the company’s revenue, margin and broader business objectives.
  • Responsible for protecting the information, system, financial and physical assets of the enterprise and mitigating potential risks involved in the loss of intangibles, intellectual property, and trade secrets.
  • Works across company functions to advise on technology risk while enabling business processes to achieve success.
  • Establishes annual and long-range security and compliance goals; defines security strategies, metrics, reporting mechanisms and program services; and creates maturity models and a roadmap for continual program improvements.
  • Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within the organization.
  • Lead, plan and manage the execution and delivery of technical vulnerability analyses, audits, policy compliance reviews, BCDR implementation and planning, risk-based IT assessments and compliance reviews, and third-party risk questionnaires.
  • Ensures information security policies, standards, and procedures are maintained and communicated.
  • Initiates, facilitates, and promotes activities to foster information security awareness throughout the organization.
  • Reviews, prepares, analyzes, and presents reports and recommendations to senior leaders regarding corporate security operations and/or other applicable areas of interest in order to provide concise and accurate information that aids in decision-making and appropriate corporate risk management.
  • Directs information security controls by conducting periodic risk assessments to ensure that legal requirements are met for reasonable and adequate security.
  • Establishes a governance process to accomplish goals and objectives in all technology departments and areas of the business. Establishes and maintains best practices in protecting the company’s information.
  • Establishes an assurance function to assess risks and recommend programs accordingly. Manages audits and ensures compliance with external standards such as SOX, PCI, HIPAA, etc.
  • Establishes and administers processes for investigating and acting on security incidents which may result in a privacy breach.
  • Establishes and maintains policies and standards to drive privacy controls and compliance, including but not limited to HIPAA, PCI, CCPA, CCPR, and GDPR compliance.
  • Serves as information security consultant to all departments for all data security related issues.
  • Coordinates with local, state, federal, and international government agencies as required.
  • Responsible for defining, leading, and executing Zayo’s privacy strategy, protecting the organization’s data; assessing risks; and maintaining compliance with required laws and regulations.

Preferred Skills and Abilities 

  • Excellent analytical, problem-solving, and project management skills
  • Ability to interact effectively with all levels of personnel
  • Proactive leadership style
  • Ability to make sound business decisions that are in alignment with organizational goals
  • Ability to translate short and long-range strategic plans for enterprise-wide data management into design and implementation of current and future applications and systems
  • Experience in telecommunications preferred
  • Proven track record of successfully managing organizations through change and transformation
  • Extensive experience in high level systems planning, design, development, maintenance and troubleshooting with a track record of accomplishment in large, complex, client/server based systems.
  • Highly developed negotiation, facilitation and influencing skills.
  • Excellent communication skills to both technical and non-technical audiences
  • Strong financial acumen and understanding of IT Total Cost of Ownership

Requirements

  • Advanced degree in information systems or related field
  • 15+ years of Information Technology or Information Security experience
  • 5+ years of leading teams of varying sizes in Information Technology or Information Security functions
  • Current professional certifications such as CISSP, CISM, CISA or others
  • Experience working with cybersecurity controls frameworks and data privacy regulations such as NIST CSF, ISO 27001/2, CIS Controls, GDPR, CCPA, or similar
  • Excellent written and oral communication skills with an ability to effectively communicate security and privacy considerations to technical and non-technical audiences
  • Base salary range for CO $275,000 – 315,000
  • This role is eligible for equity

Benefits, Rewards & Wellness

  • Excellent Health, Dental & Vision Insurance
  • Retirement 401(k) Savings Plan
  • Fitness membership discounts
  • Generous paid time off policy including paid parental leave

Please note, in accordance with Zayo’s commitment to providing and maintaining a workplace free of recognized hazards, all U.S. and Canadian employees and any employee, vendor, customer, or visitor who enters a Zayo office or facility in the U.S. and Canada must be fully vaccinated against COVID-19 and provide proof of such vaccination. If you are hired by Zayo, you will be required to provide proof of vaccination or have a valid religious or medical reason not to be vaccinated.

Job ID: R0010116
