Chief Information Security Officer 8/23/2019
Jersey City, NJ
JOB DESCRIPTION
Company Description
With a history of impressive growth, an innovative culture, and offering industry-leading solutions, Verisk Analytics is an amazing place to work and make a difference. In 2018, Forbes magazine named Verisk to its World's Best Employers list and, in 2017, to its World's Most Innovative Companies list for the third consecutive year. We also earned the Great Place to Work Certification for the third consecutive year in recognition of our outstanding workplace culture.
Verisk is a leading data analytics provider serving customers in insurance, energy and specialized markets, and financial services. Using advanced technologies to collect and analyze billions of records, Verisk draws on unique data assets and deep domain expertise to provide first-to-market innovations integrated into customer workflows. We've been delivering predictive analytics and decision support solutions to our customers for nearly 50 years, helping them protect people, property, and financial assets. At Verisk, you'll be part of an organization that's committed to serving the long-term interests of our stakeholders, including the communities where we operate.
At Verisk, you can build an exciting career with meaningful work; create a positive and lasting impact on the business; and find the support, coaching, and training you need to advance your career. Our culture of innovation means your ideas on how to improve our business will be heard. As key contributors to our success, our team members enjoy working in a business-casual, collaborative environment that offers state-of-the-art resources, advanced technologies, and an excellent benefits package.
The Chief Information Security Officer (CISO) is the senior-level executive responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. Manages the Global Security Services (GSS) and Information Risk Management (IRM) teams, closely aligning enterprise and business unit security programs.
Strong leadership and people management abilities are essential. In this executive role, the CISO must use strategic thinking to identify risks and trends and stay ahead of the threats to the environment they protect. To do this, they must be able to understand multiple complex systems and technologies at a detailed level in a constantly changing threat environment. Plans and ad-hoc responses must align with the company strategy, budget, and risk profile. The CISO must balance and properly manage resources and services between on-prem and cloud-based technologies, recognizing the company's cloud-first strategic direction.
The CISO will utilize data-driven and actionable security metrics and key risk indicators to drive program development and investment.
Excellent communication, documentation, and presentation skills will speed acceptance of and support for their recommendations and plans.
A flexible, organized work style is necessary to balance the need for comprehensive, detailed analysis against the instances where they must respond quickly to crises that arrive without warning. The CISO must grasp the issue or problem, identify a resolution plan for the security staff, and execute quickly.
Principal Responsibilities include:
* Develop and maintain trusted relationships with global business leaders, Enterprise Risk & Compliance (ERC) leaders, executive management, Board of Directors, and external stakeholders to ensure transparent communication of security strategy, status and issues; assessment of assets, threats and mitigations; and, coordination of resources and funding for services and security infrastructure.
* Align strategic and tactical security and cyber strategy with business strategy and corporate objectives, in collaboration with other ERC functions
* Ensure effective oversight, monitoring and implementation of risk-based security and cyber risk management programs across the enterprise
* Manage the daily operation and implementation of GSS and IRM strategy in alignment with the NIST 800-53 and ISO 27001 frameworks
* Manage security and privacy incidents to ensure timely and effective identification, containment, and remediation. Effectively communicate and collaborate as part of the crisis management team
* Provide executive and operational risk metrics to drive security strategy, investment, and measure program effectiveness
* Ensure timely and value-added support of internal and external stakeholder requests
* Responsibly manage the annual and 3-year Op-Ex and Cap-Ex budgets to maximize coverage and align with corporate budget guidance
* Effective talent management and development, ensuring high levels of productivity, innovation, motivation, morale and recognition
* Bachelor's degree in Information Systems or Business, required; Master's degree, preferred
* 12+ years' experience in Information Security, preferably in a global environment, including a minimum of 2-3 years' prior experience as CISO or at information security executive level
* Prior work experience in insurance, healthcare, financial services, data services, or energy, desirable
* Extensive experience building and managing an enterprise security and information risk management function in a decentralized security and compliance organization
* Extensive experience developing a risk-based security compliance program driven by industry, legal & regulatory requirements, contractual requirements, business objectives, and customer expectations
* Extensive experience providing robust metrics, key risk indicators, and management reporting suitable for executive management and Board of Directors presentation
* Strategic partner with SVP Risk & Compliance related to program and budget management
* Direct and manage effective communication and coordination between the security team and other ERC units (compliance, privacy, global protection services, third party risk management, and insurance risk management)
* Executive-level communication skills that focus on risk, facts, and data, leading to effective and timely security risk management decisions. Must be able to translate complex technical issues into a logical business case
* Provide value-added, customer-focused services, providing assurance and trust that Verisk is a responsible custodian protecting customer assets
* Must work in a highly collaborative manner with member organizations to implement and maintain effective security risk management programs
* Must work in a highly collaborative manner with the Compliance and GRC systems group within the Enterprise Risk & Compliance Department
* Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), highly desirable.
Verisk Analytics is an equal opportunity employer.
All members of the Verisk Analytics family of companies are equal opportunity employers. We consider all qualified applicants for employment without regard to race, religion, color, national origin, citizenship, sex, gender identity and/or expression, sexual orientation, veteran's status, age or disability.
Unsolicited resumes sent to Verisk, including unsolicited resumes sent to a Verisk business mailing address, fax machine or email address, or directly to Verisk employees, will be considered Verisk property. Verisk will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.