VP, Chief Information Security Officer

Summary

The Chief Information Security Officer (CISO) is accountable for assessing sustaining and maturing Northwestern Mutuals enterprise-wide information risk management and cyber security practice. This executive leadership role champions a security-first integrated risk culture ensuring effective technical and administrative controls are embedded in IT and the business. As the leader of the enterprises second line of defense this role is responsible for proactively assessing prioritizing and sequencing the treatment of cyber threats and information security risks to ensure ongoing compliance and alignment with industry standards and regulations. Additionally the CISO advises and influences executive leadership and the Board of Trustees on all matters related to information security.

Primary Duties & Responsibilities

• Experienced technology leader with deep financial skills capable of developing a comprehensive and fiscally balanced investment plan capable of managing a deeply talented Information Security organization with proven leadership skills in a complex relationship driven operating culture proven track record of leading beyond their core domain and operating as a bar raiser for the entire technology ecosystem

• Sustaining and maturing the enterprise-wide information risk management and cyber security practice facilitating information security governance topics and status establishing risk tolerances/acceptances and investment in mitigation.

• Defining and managing top IT risk reductions through design validation and testing control effectiveness as well as leading programs to consume and synthesize threat intelligence monitor emergence of threats and vulnerabilities and drive appropriate treatments.

• Maturing Northwestern Mutuals Information Protection Program by continually assessing control effectiveness against current and emerging threats and partnering with technology leaders to deploy and operate effective controls with measurable outcomes expressed in well-defined metrics goals and OKRs.

• Leading and developing teams accountable for threat modeling information security policy standards/controls strategy/operations risk governance attack simulation and incident response.

• Socializing and measuring adherence to enterprise cyber security risk posture through information security resources and capabilities to defend the enterprise and react as our environment changes.

• Building an integrated risk culture by partnering with leaders enterprise-wide to ensure alignment strong tone at the top and advocacy and adherence across the workforce.

• Fostering a rewardingemployee experience based on opportunities to grow attracting and retaining high performing and diversetalent and building Northwestern Mutuals brand in the industry.

• Providing expertise to multiple enterprise governance functions including third-party risk data governance privacy etc.

Qualifications

• A minimum of 10 years of experience in information security or risk management; relevant certifications such as CISSP CISM and/or CISA a plus.

• Leadership experience in a large complex organization including budget management and resource allocation.

• Exceptional leadership communication and interpersonal skills.

• Ability to work collaboratively across interdisciplinary teams and manage relationships across multiple areas of the business including Software Engineering Infrastructure Cloud Audit Privacy Compliance Trustees and other executive stakeholders

• Ability to effectively lead change and motivate cross-functional interdisciplinary teams to achieve tactical and strategic goals.

• Ability to think strategically and align information security initiatives with business goals.

• Ability to translate technical cybersecurity issues/concerns into potential business implications that are meaningful to executive leadership

• Strong understanding of compliance frameworks and regulations such as NIST (800-171 CSF) SOC 2 SOC 3 HIPAA/HITECH 23 NYCRR 500.

• Experience in project delivery methodologies and process such as Scrum Agile SAFe Lean.

• Bachelors degree with emphasis MIS Computer Science or other computer/ business related discipline.

We believe in fairness and transparency. Its why we share the salary range for most of our roles. However final salaries are based on a number of factors including the skills and experience of the candidate; the current market; location of the candidate; and other factors uncovered in the hiring process. The standard pay structure is listed but if youre living in California New York City or other eligible location geographic specific pay structures compensation and benefits could be applicable click here to learn more.

Job Posting End Date:

Northwestern Mutual is an equal opportunity employer who welcomes and encourages diversity in the workforce. We are committed to creating and maintaining an environment in which each employee can contribute creative ideas seek challenges assume leadership and continue to focus on meeting and exceeding business and personal objectives.