Summary of Responsibilities:

Provides strategic leadership in the development of Western & Southern Financial Group’s (W&SFG’s) Information Security management program to support the business objectives of W&SFG. Leads W&SFG’s Data Protection, Cyber Security Operations Center (CSOC) and Security Engineering teams. Ensures efficient, cost-effective operation, and oversees project development and implementation. Works with minimal supervision and is responsible to independently make a broad range of critical decisions, escalating to executive-level associates only when appropriate.

Position Responsibilities:

• Leads the Data Protection team responsible for working with business units, data governance, and compliance to design, build, and run a data protection plan. Maintaining data protection tools, processes and business integration. Works with the Information Security Risk Management team throughout the SDLC process to design and implement data protection strategies commiserate with data that is being protected.

• Leads the Cyber Security Operations Center responsible for event monitoring, incident response, forensic analysis, threat intelligence, and vulnerability management.

• Leads the Security Engineering responsible for supporting and maintaining the Information Security technologies, tools, and services used by the information security department to identify and reduce risk, protect data, detect security events, and respond to security incidents.

• Promotes development of management team and associates to ensure they are adequately trained to carry out their responsibilities and stay current on state-of-the-art technology.

• Recruits, hires, trains and develops staff. Provides direction to and development to managers through coaching, the administration of the Performance Management Program, and the creation and implementation of development plans.

• Develops comprehensive and regular reporting for senior management to report latest threats, key metrics which measure response efficiency and efficacy, and the improvements to security controls and practices which will prevent them.

• Is responsible for the development and enforcement of companywide information security policies, standards, and procedures related to Data Protection, Security Operations, and Security Engineering.

• Develops and manages the team’s budget, monitors for variances, and actively assists with the completion of the Information Security budget.

• Collaborates with IT in support of Disaster Recovery and Business Continuity.

• Manages and ensures timely completion of all assigned audit remediation work, internal projects, and Portfolio-level project deliverables.

• Provides potential on-call support during nights and weekends.

• Performs other duties as assigned by management.

Selection Criteria:

• Minimum of ten years of management level experience. Prefer experience in a combination of information security and IT-related positions.

• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

• Demonstrated knowledge and understanding of relevant legal and regulatory requirements, such as New York Department of Financial Services Cybersecurity regulation, NAIC Data Security Model Law, and Health Insurance Portability and Accountability Act (HIPAA).

• Demonstrated excellent verbal and written communication skills, interpersonal and collaborative skills with the ability to convey complex concepts and security and risk-related information to internal and external customers (technical and non-technical) at all levels in a clear, accurate, focused and concise manner and presentation style. Verbal and written communications are to conform to proper rules of punctuation, grammar, diction and style.

• Demonstrated experience effectively influencing a group to a recommended course of action.

• Proven leadership, interpersonal skills and ability to work cross-functionally and to develop associates in their skills and proficiency, while achieving tactical and strategic goals.

• Demonstrated poise and ability to act calmly and competently in high-pressure, high-stress situations.

• Proven strong quantitative and analytical skills, including demonstrated experience identifying, defining, and resolving complex programs, and collecting or interpreting data to establish facts and draw valid conclusions to provide effective resolutions. Proven experience with sound decision-making and critical thinking skills when dealing with multiple alternatives. Must demonstrate the ability to conceptualize and apply new methodologies.

• Proven experience in working with complex programs, which require identifying complex data and analyzing the quality of the output provided.

• Demonstrated ability to manage multiple projects under strict timelines, within budget and financial targets and with appropriate resource management as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

Work Setting:

• This position works in an office setting and remains in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.

• Requires visual acuity to read a variety of correspondence, reports and forms, and to prepare and analyze data in an accurate, neat and thorough manner.

• Ability to continuously make repetitive motions of the wrists, hands and/or fingers.

Educational Requirements:

• Bachelor’s degree in information security, computer science, or information technology or commensurate selection criteria experience.

Computer Skills and Knowledge of Hardware & Software Required:

• Demonstrated knowledge of threat detection and remediation tools vulnerability management, Rapid 7 preferred.

• Expert knowledge of Security Incident and Event (SIEM) technology and incident detection, correlation and analysis; QRadar preferred.

• Scripting skills in one of the following: perl, python, ruby, C, C++ or Java.

Certifications & Licenses (i.e., Series 6 & 63, CPA, etc.):

• Candidate expected to hold one or more of the following security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).

• Valid driver’s license and satisfactory driving record.

Position Demands:

• Extended hours required during peak workloads or special projects.

• Occasional travel may be required.