Assistant Vice President Information Security Consulting Manager
QBE Insurance
New York, NY, United States
Job Details
Guide delivery and implementation of information security operations by ensuring integrity, confidentiality and availability of information which is owned, controlled or processed by the organization.
The AVP, Information Security Consulting manages the cyber and information security consulting and advisory function within an operating division. In doing so, the role manages the provision of cyber and information security advice and guidance to divisional stakeholders on strategies to manage identified risks and ensure adoption and adherence to standards. This role also manages the end to end engagement for cyber and information security assurance reviews and other cyber and information security services required by divisional projects, global platforms and system enhancements, ensuring resourcing availability and engaging external security consultancy services as required to meet project timelines and demands. This role will also advise business stakeholders in the event of a security incident, and support incident management and escalation processes into the appropriate incident management teams.
Primary Responsibilities:
• Assist in the development and preparation of the cyber and information security consulting and advisory team plans to ensure these are in line with wider business strategy, risk appetites and reflect key priorities.
• Partner with divisional and global stakeholders to continuously improve security consultancy services and influence the development of strategic approaches to complex challenges.
• Build strong relationships with divisional business and project stakeholders to proactively identify issues and continuously improve security consultancy services for divisional projects.
• Contribute to development of a globally consistent security consultancy and advisory practice, including development of relevant processes and templates.
• Partner with Enterprise, Infrastructure, Applications and Security Architecture teams to ensure appropriate security engagement with projects throughout the project lifecycle and SDLC, and ongoing, comprehensive Security Service delivery.
• Apply knowledge of divisional IT strategy, project management lifecycle process and solution development lifecycle process to appropriately align effort in this direction.
• Determine own work priorities in line with agreed plans to ensure the achievement of the function’s objectives.
• Create and maintain a demand pipeline and divisional resourcing plan to deliver scalable, rechargeable, risk-based security consultancy services for all divisional projects and application enhancements.
• Apply globally consistent security policy, standards, patterns, and engagement model to triage projects according to the business risk and level of security effort required to achieve the right business risk outcomes for QBE.
• Respond to security questions and inquiries, using available consulting tools and procedures and adhering to QBE’s defined project management and development processes working to established practice guidelines.
• Appropriately engage Group and divisional IT and Enterprise Risk teams to ensure issues are identified, self-reported and ensure business and project stakeholders are aware of potential security issues from projects. The role is responsible for providing guidance on security issues identified.
• Collaborate with Enterprise Risk Management, IT Risk, Audit and Legal to ensure project and security assessments and their results are effectively communicated and reported.
• Develop and prepare reporting on project status with relevant information.
• Enhance awareness of security within business stakeholder and project community.
• Promote awareness of divisional IT strategy, project management and solution development lifecycle process.
• Build and maintain strong and effective relationships with business stakeholders and project teams to ensure that security consulting services meet their expectations.
• Ensure that high standards of service are developed and maintained to enable continuous improvement and effective response to stakeholder feedback.
• Positively promote the team to develop the team profile and that of the wider cyber security and IT functions.
• Ensure all divisional and security projects are triaged and reviewed based on the business risk and level of security effort required.
• Manage staff augmentation and outsourced security consultancy services ensuring compliance with appropriate SLAs and quality controls and alignment with security, regulatory and business requirements.
• Develop metrics to track security benefit and cost of project security consulting and engagement – specifically identify any delays in project timeliness from late identification of security issues.
• Delivery of services against budget.
• Regularly produce management information for all aspects of project security consulting and engagement.
• Actively undertake personal development to ensure up to date knowledge and skills.
• Manage the divisional cyber and information security consulting team (including security consultancy services), providing strategic leadership and line management support to the Divisional Information Security Officer.
• Create a performance enhancement culture by actively coaching and mentoring direct reports, providing regular feedback and developing employees for wider roles and responsibilities to foster professional growth and development.
• Manage budgeted resources by anticipating expenditures, accurately forecasting resource needs and costs, and properly accounting for expenses to meet requirements and demonstrate fiscal responsibility.
• Create a positive environment by modelling cultural expectations and guiding leaders to reward performance and value "can do" people, accountability, diversity and inclusion, flexibility, continuous improvement, collaboration, creativity and fun.
• Model QBE values in personal work behaviors, decision-making, contributions and interpersonal interactions; manage own career development by soliciting feedback and valuing other perspectives.
• Act as a point of reference to guide and advise others by sharing knowledge and best practice; promoting the team to develop the broader cyber security and IT functions.
• Support others in the team where appropriate to assist in the achievement of their objectives.
Experience
• 12+ years’ experience in cyber and information security roles.
• 5+ years’ experience in senior security advisory roles.
• 3+ years’ experience leading and managing cyber security teams.
• Demonstrable experience with security and risk-based standards, such as ISO2700X, ISO31000, NIST800, PCI-DSS and other relevant security risk standards and technologies.
• Experienced in managing and working with outsourced service partners.
Licenses/Certifications
• Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM).
Education
• Bachelor's or Master’s degree in one (or more) of the following fields (or equivalent):
◦ Cyber / Information Security
◦ Information Technology
◦ Management / Business
• Preferred Certifications:
◦ Sherwood Applied Business Security Architecture (SABSA) or equivalent, highly regarded.
◦ Certified Cloud Security Professional (CCSP) or equivalent.
◦ Other security certifications.
Knowledge
• Advanced knowledge and understanding of cyber security and familiarity with current trends and developments in business and information technology.
• Advanced knowledge and understanding of secure SDLC processes, within full spectrum of project delivery methodologies e.g. Waterfall, Rapid Application development, Agile development or Continuous Integration/Continuous Development.
• Advanced knowledge and understanding of business and technical cyber security and risk management concepts and methods, including policy concepts, risk assessment procedures, and role-based authentication and authorization methodologies and technologies.
• Strong knowledge of process management and continuous improvement methods and techniques.
• Strong knowledge of industry best practices associated with information security.
• Research and understand emerging cyber security threats and relevance to divisional business.
Skills
• Effectively present thoughts to key stakeholders of all levels. Able to communicate technical information to business users.
• Excellent negotiation and conflict management skills. Effectively present information to influence and negotiate.
• Flexible and able to apply skills to all types of technology solutions.
• Advanced analytical and problem-solving skills, with an ability to anticipate and pre-empt potential obstacles.
• Excellent customer service focus.
• Excellent communication skills, including proactive management of customer expectations.
• Develop and maintain effective working relationships with key stakeholders to share knowledge and ensure consistency.
• Communicate outside and across the organization and share information as a positive aid to achieve best practice and objectives.
• Multifaceted team management.
Work Environment
Travel Frequency
• Occasional (approximately 5-10 trips annually)
General office jobs
• Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 pounds.
Number of Openings:
1
How to Apply:
To submit your application, click "Apply" and follow the step by step process.
Equal Employment Opportunity:
QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.