Provides strategic leadership in the development of Western & Southern Financial Group's (WSFG) Information Security management program to support the business objectives of W&SFG. Leads the Information Security Risk Management and Identity & Access Management (IAM) teams. Additionally, ensures efficient, cost-effective operation, and oversees project development and implementation, in addition to normal managerial expectations. Works with minimal supervision and is responsible to independently make a broad range of critical decisions, escalating to executive-level associates only when appropriate.

What you will do:

• Directs Information Security Risk Management services for the Enterprise through effective and collaborative corporate governance structures, ensuring adherence to information security principles and corporate expectations. Coordinates resources in the assessment of information security risk and partnering with others in the Enterprise to provide guidance for risk treatment plans.
• Facilitates metrics and reporting on the efficiency and effectiveness of the Information Security Risk Management function. Provides regular reporting on the current status of information security risks to senior-level management.
• Leads the information security and risk management awareness training programs for all associates, contractors and authorized system users.
• Oversees third-party vendor due diligence security reviews to ensure compliance with information security policy, security procedures and regulatory requirements. Handles escalations from the team in reporting deficiencies or risks to the appropriate executive-level stakeholders in IT, the business and third parties. Partners with IT leadership and compliance teams to support process/program improvements.
• Develops and oversees the implementation of W&SFG's IAM strategy that is aligned with business priorities, industry best practices and the Information Security strategic plan. The desired end state is a single set of identities access the Enterprise in support of internal and external access needs.
• Ensures the successful delivery of IAM products and services required to meet business and technology requirements, which includes directory services (e.g., AD), identity federation (e.g., SAML, SSO, and ADFS), Multi-Factor Authentication (MFA), and Identity Management (IdM).
• Is responsible for the development and enforcement of companywide information security policies, standards and procedures within Information Security Risk Management and Identity and Access Management.
• Develops and manages the team's budget, monitors for variances and actively assists with the completion of the Information Security budget.
• Collaborate with IT in support of Disaster Recovery and Business Continuity.
• Manages and ensures timely completion of all assigned audit remediation work, internal projects and Portfolio level project deliverables.
• Recruits, hires, trains and develops management staff. Provides direction to and development to managers through coaching, the administration of the Performance Management Program, and the creation and implementation of development plans.
• Promotes development of management team and associates to ensure they are adequately trained to carry out their responsibilities and stay current on state-of-the-art technology.
• Potential on-call support during nights and weekends.
• Performs other duties as assigned.
• Complies with all policies and standards.

• Bachelor's Degree In information security, computer science or information technology, or commensurate selection criteria experience. - Required
• Minimum of 10 years of management level experience. Prefer experience in a combination of risk management, information security and IT-related positions. - Required
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment. - Required
• Demonstrated experience effectively influencing a group to a recommended course of action. - Required
• Proven experience in working with complex programs, which require identifying complex data and analyzing the quality of the output provided. - Required
• Demonstrated knowledge and understanding of relevant legal and regulatory requirements, such as New York Department of Financial Services Cybersecurity regulation, NAIC Data Security Model Law, and Health Insurance Portability and Accountability Act (HIPAA). -
• Demonstrated excellent verbal and written communication skills, interpersonal and collaborative skills with the ability to convey complex concepts and security and risk-related information to internal and external customers (technical and nontechnical) at all levels in a clear, accurate, focused and concise manner, and presentation style. Verbal and written communications are to conform to proper rules of punctuation, grammar, diction and style. -
• Proven leadership, interpersonal skills and ability to work cross-functionally and to develop associates in their skills and proficiency, while achieving tactical and strategic goals. -
• Demonstrated poise and ability to act calmly and competently in high-pressure, high-stress situations. -
• Proven strong quantitative and analytical skills, including demonstrated experience identifying, defining and resolving complex programs, and collecting or interpreting data to establish facts and draw valid conclusions to provide effective resolutions. Proven experience with sound decision-making and critical thinking skills when dealing with multiple alternatives. Must demonstrate the ability to conceptualize and apply new methodologies. -
• Demonstrated ability to direct multiple projects under strict timelines, within budget and financial targets and with appropriate resource management as well as the ability to work well in a demanding, dynamic environment and meet overall objectives. -
• Proficient in word processing, spreadsheet and presentation applications. -
• Familiarity with Project Management systems and processes. -
• CISSP Certified Information Systems Security Professional Upon Hire - Required
• GIAC Security Expert (GSE) Upon Hire - Required
• Certified Information Security Manager (CISM) Upon Hire - Required
• Certified Information Systems Auditor (CISA) Upon Hire - Required
• ISACA certifications including CRISC or CGEIT Upon Hire - Required
• Series 99 certification Upon Hire - Preferred

Work Setting/Position Demands:

• Works in an office setting and remains in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.
• Requires the ability to verbally communicate and exchange accurate information to customers and associates on a regular basis.
• Requires visual acuity to read and interpret a variety of correspondence, procedures, reports and forms via paper and electronic documents, visual inspection involving small defects; small parts, and/or operation of machinery (including inspection); using measurement devices continuously. Visual acuity is required to determine accuracy, neatness, and thoroughness of work assigned.
• Requires the ability to prepare written correspondence, reports and forms using prescribed formats and conforming to rules of punctuation, grammar, diction, and style on a regular basis.
• Requires the ability to apply principles of logical thinking to define problems, collect data, establish facts, and draw valid conclusions
• Performs substantial movement of wrists, hands, and fingers for continuous computer work.
• Extended hours required during peak workloads or special projects/events.

Travel Requirements:

• Occasional travel may be required.