Our employees are our most valuable asset.
Job Description
The VP, IT Risk and Security is a key Information Technology leadership position responsible for planning, implementing and maintaining the Information Protection Program at Virtus Investment Partners. The Information Protection Program is designed to ensure the confidentiality, integrity, and availability of the information technology environment in compliance with industry regulations.
Job Duties
- Strategic Leadership: Lead the development and maintenance of a company-wide information security strategy and program within the risk tolerances of the firm. Identify and respond to a variety of information security threats. Work closely with business leaders across the firm to ensure day-to-day activities are compliant within risk tolerances.
- Incident Response: Oversee and assist with cyber incident triage assessment and mitigation. Ensure rapid and effective response to security incidents.
- Oversee IT Security Governance, Risk and Compliance. Review approved use of compensating controls, approve exceptions, and work with internal and external auditors.
- Supervise department staff. Assign personnel to projects and direct their activities, ensuring time is utilized effectively. Coach/mentor staff.
- Provide regular reporting on the status of the Information Security Program to senior business leaders and the board of directors.
Ideal Qualifications
- Bachelor's degree or equivalent experience with 10+ years of experience in IT, 8+ years in Information Systems roles, and a minimum of 5 years in leadership positions.
- Strong background in Information Security (IS) including physical, environmental, telecommunications and network, and software development.
- Industry-recognized certifications, such as CISO, CISSP, CISM or CISA.
- Experience leading IS operations in the areas of emerging threat: identification, response, and innovative mitigation strategies.
- Possess excellent interpersonal, relationship building and influencing skills. Demonstrated success in influencing key corporate decision makers and business partners to build positive working relationships and support for the cybersecurity strategy and initiatives.
- Successful track record as a change agent, setting priorities and delivering cyber outcomes across diverse and dynamic environments. Strong ability to assess the current and future value of a wide spectrum of cyber technologies and to make informed recommendations regarding the introduction of new business enabling technology solutions. Demonstrates prudent financial management in the delivery of key results.
- Uses excellent written/verbal communication and presentation skills to bolster cyber acumen and advocacy across diverse stakeholders, including senior executives, end users, and board members (or equivalent).
- Experience working with MSPs to provide capabilities for addressing day-to-day cyber operations.
- Previous experience in formation and leading an information security steering committee/advisory board.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST. Experienced in general cybersecurity regulatory and compliance (e.g., SOX, SOC2, HITRUST, FedRamp, DFARS, CMMC, etc.).
- Knowledge of security operations, architecture and design, access control, cryptography, and business continuity and disaster recovery.
#Virtus