Waddell and Reed
VP, Chief Information Security Officer
at Waddell and Reed
This position is responsible for establishing, monitoring and enforcing information security/security standards and policies company-wide. It is also responsible for the development and maintenance of company-wide information security strategies, including information security investments/capital planning, and overseeing the execution of plans reporting to Sr. Leadership. This position oversees the creation and maintenance of information security policy, leads on-going company-wide security risk management, risk assessment and status reporting efforts, and is responsible for the creation and roll-out of security awareness and training programs Company-wide. This position plans, coordinates, supervises and reviews the work of a professional, technical, and administrative staff. Provides management for the following teams:
- Business Continuity & Disaster Recovery
- Enterprise Security & Policy
- Security Engineering & Operations
- Manage the Information Security team
- Serve as the central point of contact for Information Security technology for the company and ensure that security is integral to strategic ETS, business and technology decisions.
- Assist in the definition, design and implementation of defensive, detective and preventive processes, procedures, best practices and instrumentation around the systems used to deliver Waddell & Reed services.
- Lead and work with the Information Security team to design and implement information security defense architecture, solutions, tools and automation for the continuous protection of our corporate systems and information assets.
- Help identify, define and document the system security requirements and hardening standards for the infrastructure and application stack.
- Work with stakeholders to survey, identify and recommend best-fit solutions and lead their implementation where appropriate.
- Internally manage security assessments on our internal and customer-facing systems.
- Perform security gap assessments and penetration tests. Generate comprehensive reports and recommendations on the security risks and vulnerabilities.
- Act as the Incident Response Lead and perform security incident response and investigations in a timely manner.
- Partner with Compliance & Audit and collaborate on aligning security to audit and compliance requirements.
- Prepare and document relevant standard operating procedures.
- Prepare security metrics for the senior management.
- Ensures network communications and hosts across the enterprise adhere to security policies and standards.
- Configures and monitors security products such as firewalls, IDS/IPS, vulnerability scanning, security event management and proxy server software. Implement, manage, and maintain network firewalls, intrusion prevention systems, messaging security gateways, and Internet security proxies.
- Manage endpoint security platforms, including Host Intrusion Prevention and Anti-virus.
- Performs analysis of network and host security needs and contributes to the design, integration, and installation of hardware and software.
- Assesses potential items of risk and opportunities of vulnerability in the environment proactively.
- Collaborates with Network and Server Operations Support to help maintain/upgrade network and host to maintain a secure environment.
- Assists in the support of security technologies such as user access, Internet filtering, e-mail security, antivirus, data loss protection, document management, forensics, vulnerability assessments, collaboration technologies and mobile platforms.
- Identifies and remediates issues that impact the security of the information enterprise.
- Synthesizes information generated from logs, SIEM, and other sources to effectively respond to emerging threats.
- Architect, develop, deploy and support information security systems and solutions such as key management, Tripwire, password vaulting, anti-malware, etc.
- Understands advanced security protocols and standards.
- Participates in information security reviews and audits.
- Monitors security systems and responds to events and alerts.
- Responsible for all aspects of Waddell & Reed’s Business Continuity Management Program (BCM), which includes the design, implementation, continual assessment and improvement of business continuity plans to ensure all core functions of the Company continue until normal operations/facilities are restored.
- Working with different lines of business and corporate functions to conduct Business Impact Assessments (BIAs) and drive the development of robust business recovery plans that include contingency planning for loss of people, loss of facilities, technology and vendor dependencies.
- Develop comprehensive and integrated exercises to test and update recovery plans on a regular basis.
- Establishes and proactively manages a sound business continuity framework (governance processes, policies, procedures, and best practices) to keep the BCM program components aligned, current, relevant, actionable, and auditable.
- Ensures all plans support business resumption within approved recovery time objectives (RTO’s) and recovery point objectives (RPO’s).
- Establishes a program for operational DR activities, to ensure that DR planning is consistent and effective across the university and medical center communities.
- Creates and maintains DR governance and implementation groups.
- Creates and maintains IT Disaster Recovery (DR) policies and procedures for the university.
- Partners with stakeholders such as Business Continuity, Cyber Security, Data Privacy, Enterprise Risk Management, and Public Safety to ensure appropriate testing of DR plans for integration of preparedness efforts across the university.
- Ensures DR policies, controls and procedures comply with applicable laws and regulations.
- Ensures that critical enterprise applications can be recovered in alignment with documented Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) to ensure readiness in the event of a disruption.
- A minimum of 15 years of progressive experience leading teams, managing projects and driving organizational change
- Demonstrated experience managing information security/security standards for an organization and associated team members within a complex operational and regulatory environment
- Demonstrated knowledge and experience with administering or implementing an information security/security standards framework for identifying, reporting and assessment of risks
- Current knowledge of financial services industry and general regulatory environment
- Excellent analytical skills, including the ability to identify issues and to design appropriate solutions
- Capacity to leverage relationships and insights to successfully influence others and build authentic and trusted relationships to create alignment and support
- Bachelor’s degree in accounting, technology, finance or a related field
- Knowledge and understanding of the Sarbanes-Oxley Act and required control structures and processes
- Excellent leadership and interpersonal skills with presentation and communication skills meeting the needs of all levels within the organization up to and including the executive management team, CEO and the board of directors
- Ability to simultaneously manage multiple projects
- Experience with a publicly-traded company
- Demonstrated ability to build relationships and communicate with peers, subordinates, executive management, and the CEO
- Excellent written and verbal communication skills, including the ability to synthesize and communicate complicated information in a precise, simple, and accurate manner
- CISSP – Certified Information Systems Security Professional or CISM – Certified Information Security Manager (or ability to obtain)
- Experience building and maintaining a security department budget
- Demonstrated ability to build a multi-year security and BC/DR roadmap
- Ability to build and grow a high-performing technical security team
- Asset/investment management and/or broker-dealer experience
- Direct experience with regulatory groups such as FINRA and the SEC
- Master’s degree in technology, accounting, finance or a related field
- Mergers and acquisitions due diligence and integrations experience
- Systems conversion or implementation experience
- CBCP – Certified Business Continuity Planner
- CISA or other applicable professional certifications related to audit or risk