SVP, Chief Information Security Officer
Job ID: R-004818 Date posted: 10/16/2018 Primary Location: SC-Fort Mill
LPL's SVP, Chief Information Security Officer (CISO) will lead information security and risk management activities. The SVP, CISO will oversee employees and vendors who safeguard the company’s assets, intellectual property and computer systems.
- Define and manage the IT security policies and environment consistent with the enterprise architecture and information security strategy
- Manage risk and enforce compliance with regulations, including but not limited to Sarbanes-Oxley, Gramm-Leach-Bliley, SEC Regulation S-P
- Liaise with corporate audit, risk and the business to maintain a balance between security compliance and usability.
- Evaluate and prioritize technology and business risks based on business capability exposure, and construct an overall strategy to mitigate those risks
- Determine the relevant regulatory requirements, develop strategies for the application of technology to meet those regulatory requirements, maintain an audit-ready posture, and promote a strong security culture throughout the company.
This person will work with user and technical groups and internal auditors in the development and implementation of a security strategy designed to provide a high level of security over technology and infrastructure while preserving and enhancing facility and system usability.
This person must be able to develop and implement flexible security solutions dictated by the needs of a rapidly evolving business environment. The individual must be a results-oriented person who can achieve tangible improvements in the corporate information security arena. Excellent technical and communication skills are a must, as well as proven security leadership experience.
- Prioritizing overall Technology risks to business
- Determining how Technology risks relate to critical business processes
- Creating overall strategy for mitigating Technology risk
- Consulting on projects to ensure compliance with Technology policies
- Performing Technology audit and follow-up of issues
- Build sound business relationships across the enterprise to enable a strong understanding and close alignment with business needs, direction, and risk appetite.
- Manage the creation and production of timely, accurate, and informative business and security metrics relating to information risk.
- Drive and maintain the information security management systems to identify, quantify, catalog, and remedy information risk across the enterprise, escalating where necessary.
- Ensure ongoing analysis of information security threats, vulnerabilities, and market trends. Determine potential impact on the organization’s risk posture.
- Develop and maintain an effective information security architectural approach, ensuring that the approach is implemented in accordance with appropriate standards.
- Act as liaison with enterprise architecture to ensure that information security architecture standards, policies, and procedures are available and enacted consistently across application development projects and programs.
- Collaborate with application owners to understand the risk position around key business applications. Address perceived risk shortfalls as appropriate.
- Establish processes to respond in a timely and proactive manner to significant information security breaches.
- Act as liaison with the relevant parties to ensure that appropriate controls are implemented to prevent recurrence of information security incidents.
- Respond appropriately to investigations and forensic requests, managing situations with discretion, sensitivity, and objectivity.
- Collaboratively engage with other Technology functions and business representatives to facilitate a globally standardized approach and governance structure to information security and risk.
- Collaborate with enterprise architecture to define physical, virtual, and logical information security architecture specifications.
- Ensure the consistent application of security standards across global technical infrastructure. Monitor, manage, and deploy security controls as appropriate to support business needs while minimizing risk.
- Identify and contain emerging threats before they can have a negative impact on business operations
- Collaborate with Fraud team to build fraud detection and prevention capabilities and respond to fraud events.
- Bachelor's Degree in Information Systems (Master's preferred) or a related field
- At least 15-20 years of experience in an enterprise security role, including 5-7 years in a leadership position.
- Must be a collaborative, articulate and persuasive leader who can serve as an effective member of the management team
- Able to communicate security-related concepts to a broad range of technical and non-technical staff
- Be comfortable presenting to senior executives and the Board of Directors
- Should have experience with business continuity planning, IT audit, risk management, security operations, and managed security services, as well as contract and vendor negotiation
- Experience with regulatory requirements and standards frameworks such as: SOX, GLBA, SSAE16, ISO2700x, FINRA, NIST
- Must have strong working knowledge of pertinent laws governing the financial services vertical and be familiar with partnering with the law enforcement community
- Must have a solid understanding of information technology and information security
- Must be an excellent public speaker who can interface effectively with external customers
- Must be able to build sound business relationships across the enterprise to enable a strong understanding and close alignment with business needs, direction, and risk.
About LPL Financial:
LPL Financial is a leader in the retail financial advice market and the nation’s largest independent broker/dealer*. We serve independent financial advisors and financial institutions, providing them with the technology, research, clearing and compliance services, and practice management programs they need to create and grow thriving practices. LPL enables them to provide objective guidance to millions of American families seeking wealth management, retirement planning, financial planning and asset management solutions. LPL and its affiliates have more than 3,700 employees with primary offices in Boston, Charlotte, and San Diego.
If you join LPL, you will join a culture that believes in delivering a world-class client experience and looks to all employees to contribute to that goal by sharing their creativity, experience, and passion for continuous improvement. As a destination of choice, our top priorities are growth and development, social responsibility, and financial health for our employees.
We offer competitive compensation and industry-leading benefits, including a wellness facility with onsite fitness classes, healthy meal choices, and a walk-in clinic. We support employee financial health through a 401k match, ESPP, and employee discounts. Work/life balance is our foundation and is supported through paid holidays and paid time off (including time to volunteer). We foster a diverse work environment through Employee Resource Groups and diverse strategic partnerships.
Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE
*As reported by Financial Planning magazine, June 1996-2017, based on total revenue.