AVP, Risk Assessments
Job ID: R-012410 | Date posted: 02/22/2021 | Primary Location: SC-Fort Mill | Other Locations: TX-Austin, CA-San Diego
The LPL Financial Information Security and Technology Risk organization is currently hiring an AVP of Security Risk Assessments. This position will be responsible for growing and leading a comprehensive risk program to uncover vulnerabilities and weaknesses by overseeing and performing risk assessments. They will also collaborate closely with various leaders and stakeholders to communicate results and help recommend key security enhancements.
As a member of a growing organization, you will have the opportunity to shape the priorities of the organization. The position affords opportunities for substantial growth. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.
The person in this position will lead key functions in the Technology Risk Management Lifecycle, working in partnership with control owners, Business leaders and the Business Information Security Officers.
- Responsible for leading the team that performs continual information security risk assessment.
- Understanding and influencing department vision and mission
- Responsible for providing security guidance, coaching and training to direct reports and other employees across the company
- Develop and execute an annual plan of risk assessments based on self-identified top security risks facing LPL Financial
- Identify and report on new and emerging security risk and risk trends, including participating in risk remediation solution discussions and updates to compliance policy and standards.
- Work with appropriate risk assessment owners & leadership to communicate and articulate assessment or aggregation issues/findings.
- Plan and coordinate penetration testing, red and purple team exercises between external vendors, Security Operations, and internal stakeholders.
- Report regularly to senior management the results of risk assessments and penetration tests.
- Perform other duties as assigned
Risk Assessment Responsibilities
- Maintain and enhance the Information Security risk assessment methodology and framework. Ensure the methodology is built for efficiency and continuously updated to reflect the ever-changing nature of cyber threats
- Conduct and oversee information security risk assessments, establishing an accurate view of LPL Financial’s inherent and residual risk posture, and determine appropriate risk baselines to manage risk to greater maturity over time
- Execute periodic regulatory assessments (e.g. NYDFS, FFIEC, or NIST CSF) using structured control documentation
- Leading annual cyber risk assessments in partnership with Business Leaders and Technology Business Information Security Officers.
Skills and Experience
- 6+ years of experience in information security
- 2+ years of experience leading teams
- Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques
- Experience with various application attack vectors, security test processes and strong knowledge of common vulnerabilities (i.e. OWASP Top 10)
- Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
- Strong analytical skills and thinking, data-driven acumen, proficiency in analysis of risk management data, and knowledge of analytic methods
- Thorough knowledge of IT processes and controls and a deep understanding of risk and control frameworks e.g. NIST, ISO, CIS Critical Security Controls
- Must have good technical communication skills (both written and verbal) and the ability to effectively communicate to anyone in the organization, paired with good analytical and problem-solving skills
- Prefer certifications: CISSP, CRISC, FAIR or related certifications
At LPL, we believe that objective financial guidance is a fundamental need for everyone. As the nation’s leading independent broker-dealer, we offer an integrated platform of proprietary technology, brokerage, and investment advisor services. We provide you with a work environment that encourages your creativity and growth, a leadership team that is supportive and responsive, and the opportunity to create a career that has no limits, only amazing potential.
We are one team on one mission. We take care of our advisors, so they can take care of their clients.
Because our company is not too big and not too small, you can seize the opportunity to make a real impact. We are committed to supporting workplace equality, and we embrace the different perspectives and backgrounds of our employees. We also care for our communities, and we encourage our employees to do the same. This creates an environment in which you can do your best work.
Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE.
Information on Interviews:
LPL will only communicate with a job applicant directly from an @lpl.com email address and will never conduct an interview online or in a chatroom forum. During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card. Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (800) 877-7210.