|Location||Foster City, CA|
|Date Posted||January 1, 2021|
In this critical leadership role, you will take a lead role in the continued innovation of the company’s Cyber Security strategy and drive the company’s competitive advantage in payments by facilitating a best in class security governance, risk and compliance function. You will perform the role of a strategic thinker and have the operational gravitas to run one of the best teams in the industry. In this role, you will also work with the company’s executive committee members.
The Vice President of Cybersecurity Governance Risk and Compliance, reporting directly to the company’s CISO is responsible for establishing and maintaining the company's overall Cybersecurity risk management program, which is designed to ensure that the company’s technology systems and data are adequately protected. This is a hands-on leadership position that inspires and leads a world-class cybersecurity team that are responsible for identifying, evaluating and reporting on cybersecurity risks in a manner that meets the company's internal, regulatory and other compliance requirements. As a senior leader in the Cybersecurity organization, the Vice President will work proactively with the various clients, business units, and other internal departments and organizations to implement practices that meet the company's defined policies and standards for information risk management. The VP role is also a member of various governance, compliance and incident response groups. The GRC team is responsible for providing operational management and oversight over all cybersecurity related activities within the company and to ensure management awareness, metrics and compliance posture of the cybersecurity environment.
- Provide operational oversight and serve as the leadership point of contact for the Cybersecurity Risk and Compliance team
- Take end to end ownership of cybersecurity owned programs and related teams including security policies, vendor risk, regulatory audits and compliance management, metrics, risk and performance indicators, security awareness and training, security integration and assessment of M&A and related ventures
- Responsible and development of security risk management using continuous self-assessments and executive reporting
- Provide continuous operational input to the CISO and help measure the cybersecurity risk posture of the company
- Provide leadership and engage with lines of business to perform security assessments and ensure timely execution of projects and program while mitigating any security risks
- Manage and operate the third-party security risk management program and teams
- Continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies and drive its remediation efforts
- Mentor, coach and train security staff
12 years of work experience with a Bachelor’s Degree or at least 10 years of experience with an Advanced degree (e.g. Masters/MBA/JD/MD) or at least 8 years of work experience with a PhD
Skills and Experience
- 12+ years’ experience in running a cybersecurity GRC role or a related function
- Experience managing large cybersecurity teams with a global presence
- Deep experience in understanding regulatory and industry standards such as PCI, SOX 404, GLBA ISO standards, FFIEC exams, NIST framework, SSAE, etc
- Hands on leadership experience in authoring security policies, developing standards, deploying GRC solutions to effectively manage and measure on the cyber risk posture
- Technically strong in understanding and solving complex cybersecurity challenges, having a track record of leading the delivery of complex, multi-faceted technology initiatives
- Extraordinary written and communication skills having worked with executive management and presented at the board level
- Attested ability to establish and sustain effective, professional relationships with product and business managers; work closely with business partners to understand business drivers and market requirements; and provide leadership to the technology group in order to create the right solutions for the market in the required time frames.
- High degree of technical complexity and conservancy; familiarity with complex global information security infrastructures preferred
- Experience with a wide array of security platforms, protocols, tools, and technologies.
- Knowledge of/experience with international compliance requirements/standards