About the job

$200,000 - $230,000 / year

Application Deadline: 9/16/2024

Vertafore is a leading technology company whose innovative software solutions are advancing the insurance industry. Our suite of products provides solutions to our customers that help them better manage their business, boost their productivity and efficiencies, and lower costs while strengthening relationships.

Our mission is to move InsurTech forward by putting people at the heart of the industry. We are leading the way with product innovation, technology partnerships, and focusing on customer success.

Our fast-paced and collaborative environment inspires us to create, think, and challenge each other in ways that make our solutions and our teams better.

We are headquartered in Denver, Colorado, with offices across the U.S., Canada, and India.

We are seeking a dynamic and experienced Vice President of Cybersecurity to lead our efforts in implementing a comprehensive zero-trust security framework, foster a culture of cybersecurity awareness, and manage incident response, risk assessment, mitigation strategies, security architecture design in the cloud and data centers, security governance, compliance, and customer-facing team management.

THE VERTAFORE STORY

Over the past 50 years, Vertafore has advanced the entire insurance distribution channel with the best software solutions in the industry. Today, we’re proud to say hundreds of thousands of Vertafore users rely on our solutions to write business faster, reduce costs, and fuel growth by increasing collaboration and streamlining processes. Vertafore leads the industry with secure, cloud-based mobile products that provide superior reporting and analytics, delivering actionable insight— right when customers need it most. We partner with other leading technology companies to deliver comprehensive solutions to improve the way our customers do business and serve their customers.

The Vertafore Way

Insurance is about relationships, and technology should make those relationships stronger. That’s why, at Vertafore, it’s our mission to transform the way the industry operates by putting people at the heart of insurance technology. By focusing on our customers, becoming better every day, and delivering results you can see, we provide the level of trust and security that insurance is all about.

• Bias to Action: We're united by an innate drive to take action and make a difference in the technology and insurance spaces.
• Win Together: We work together as one team, showing empathy and respect along the way.
• Show Up Curious: We work to challenge one another to push boundaries and think beyond the box.
• Say It, Do It: We honor every one of our commitments because integrity is important to us.
• Customer Success is Our Success: We cultivate authentic relationships and follow up by actively listening to their needs.
• We Love Insurance: We appreciate the impact insurance has on the world.

• Zero-Trust Security:

• Develop and execute a comprehensive zero-trust security strategy to protect our digital infrastructure, data, and assets.

• Lead the design and implementation of zero-trust principles, ensuring access controls, network segmentation, and identity verification are integrated into all systems and processes.

• Collaborate with cross-functional teams to ensure continuous monitoring, anomaly detection, and data protection.

• Leadership & Culture Development:

• Develop relationships cross-functionally to understand business priorities and barriers, and work together to create plans that can be successfully executed.

• Foster a culture of cybersecurity awareness and best practices across the organization.

• Provide leadership and mentorship to the cybersecurity team, promoting professional growth and a commitment to excellence.

• Champion cybersecurity initiatives at all levels of the company, advocating for security as a core business value.

• Incident Response Management:

• Enhance and maintain an incident response plan, ensuring rapid and effective responses to security incidents.

• Coordinate with internal and external stakeholders to investigate, contain, and remediate security breaches.

• Conduct post-incident analysis to identify vulnerabilities and improve incident response procedures.

• Risk Assessment and Mitigation:

• Identify potential security risks and vulnerabilities within the organization.

• Conduct regular risk assessments, including threat modeling and vulnerability assessments.

• Develop and implement risk mitigation strategies, ensuring compliance with industry standards and regulations.

• Customer-Facing and Team Management:

• Interact with customers to understand their security requirements and provide assurance on our security posture.

• Manage and lead a customer-facing cybersecurity team, ensuring exceptional service and client satisfaction.

• Security Architecture Design in the Cloud and Data Centers:

• Assist and direct the design and implementation of secure cloud and data center architectures.

• Ensure that all security measures are integrated into cloud-based and on-premises systems.

• Collaborate with IT and development teams to align security with business goals.

• Project Management:

• Plan, execute, and oversee cybersecurity projects, ensuring they are completed on time and within budget.

• Collaborate with cross-functional teams and stakeholders to achieve project goals.

• Ability to work alongside team members and roll-up sleeves as part of project management.

• Security Governance and Compliance:

• Enforce compliance with relevant regulations and standards in collaboration with the Compliance team.

• Vulnerability Management:

• Ensure best practice external attack surface management (EASM), threat intelligence, metrics, and vulnerability scanning are executed.

Required Qualifications

• A minimum of 10 years of progressive experience in cybersecurity, with at least 5 years in senior leadership roles.
• Demonstrated experience in platform and perimeter security, network architecture, cloud security, and product security design.
• Deep understanding of security frameworks, protocols, and best practices. Proficiency in security technologies, risk assessment, compliance standards, relevant regulations (e.g., NIST, ISO 27001).
• Strong ability to influence and work cross functionally to drive business initiatives.
• Strong understanding of current cybersecurity threats, trends, and best practices.
• Excellent team leadership and management skills with a track record of building and leading high-performing cybersecurity teams.
• Exceptional communication and interpersonal skills to engage with stakeholders at all levels of the organization.

Preferred Qualifications

• Relevant certifications such as CISSP, GIAC or CISM are strongly preferred.

• Travel required up to 10% of the time.
• Located and working from an office location.
• Occasional lifting and/or moving up to 10 pounds.
• Frequent repetitive hand and arm movements required to operate a computer.
• Specific vision abilities required by this job include close vision (working on a computer, etc.).
• Frequent sitting and/or standing.

Is this role not an exact fit for you? Keep an eye on our Careers Page for other positions!

Vertafore is a drug-free workplace and conducts preemployment drug and background screenings.

The selected candidate must be legally authorized to work in the United States.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all the job responsibilities, duties, skill, or working conditions. In addition, this document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

Vertafore strongly supports equal employment opportunity for all applicants regardless of race, color, religion, sex, gender identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, sexual orientation, genetic information, or any other characteristic protected by state or federal law.

We do not accept resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.

Vertafore is a Flexible First working environment which allows team members to work from home as often as you’d like, while using our offices as a place for collaboration, community, and teambuilding. There are times you may be asked to come into an office and/or travel for specific meetings for a specific business purpose and this varies by job responsibilities.

About the job

Wabtec Corporation is a leading global provider of equipment, systems, digital solutions and value-added services for freight and transit rail. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation and Faiveley Transport, the company has unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress, creating transportation solutions that move and improve the world. Wabtec has approximately 27,000 employees in facilities throughout the world. Visit the company’s new website at: http://www.WabtecCorp.com.

It’s not just about your career… or your job title…it’s about who you are and the impact you are going to make on the world. Do you want to go into uncharted waters…do things that haven’t been done to make yours and someone else's life better? Wabtec has been doing that for decades and we will continue to do so! Through our people, leadership development, services, technology and scale, Wabtec delivers better outcomes for global customers by speaking the language of industry.

Who will you be working with?

Our best-in-class Enterprise Information Security team has overarching responsibility for cyber security across our global Wabtec Enterprise. You will drive the strategy and define requirements to protect company assets and businesses.

How will you make a difference?

As a member of our IT leadership staff, Wabtec is looking for an individual to run a best-in-class Cyber Security & Risk function. The VP – Chief Information Security Officer reports directly to the CIO and is responsible for establishing and maintaining Wabtec’s enterprise information security policy and strategy, ensuring availability, integrity and confidentiality of customer, business partner, employee and business information. This position leads a global team that oversees the development, implementations, and enforcement of several key security domains including Security Operations, Application Security, Security Architecture, and Governance, Risk & Compliance (GRC). The right leader for this job will be passionate about security, both enterprise and product, and takes pride in developing people and process.

• Develop, implement and monitor a strategic, comprehensive enterprise information security, product, and IT risk management program
• Work directly with the business units to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Provide thought leadership and advice for Wabtec product development teams around tools and processes which would contribute to the overall cyber security of the Company’s commercial software products
• Supervisory Responsibilities
• Managing staff of 5 direct reports and an organization of 20-30 employees
• Monitoring and reviewing the work of staff members, including conducting annual performance reviews
• Participate in hiring and recruitment efforts, including interviews for employees in Security & Risk department
• Other duties as assigned

Required Qualifications

• Degree in business administration or a technology-related field required
• Professional security management certification
• Minimum of 8 to 12 years of experience in a combination of risk management, information security and IT jobs
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
• Experience with contract and vendor negotiations and management including managed services
• Experience with Cloud computing/Elastic computing across virtualized environments
• Able and willing to travel, occasionally internationally, up to 20%

Preferred Qualifications

• Advanced college degree in related technology field (Computer, Engineering, Science, etc.)
• Approximately 15+ years of experience in related IT roles
• Able to exhibit a progression of increasingly complex job responsibilities during the period inclusive of senior staff management oversight for large global organizations
• Drive efficiency through automation
• Strategic and creative thinking to analyze issues that may arise and create solutions
• Ability to respond positively to feedback and implement change in process and procedures as needed
• Ability to work in a fast-paced environment

What about the physical demands of the job?

• Regularly remaining in a stationary position, often standing or sitting for prolonged periods
• Regularly communicating with others to exchange information
• Regularly required to attend meetings in person and virtually using video and audio computer equipment
• Regularly repeating motions that may include the wrists, hands and/or fingers, such as typing
• Occasionally moving about to accomplish tasks or moving from one worksite to another
• Occasionally light work that includes moving objects up to 20 pounds

Work Environment:

• Hybrid schedule at the Pittsburgh site three days per week.
• The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment. During visits to areas of operations, may be exposed to extreme cold or hot weather conditions. Is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise

Relocation assistance may be provided if eligibility requirements are met.

Wabtec Corporation is committed to taking on the world’s toughest challenges. In order to fulfill that commitment we rely on a culture of leadership, diversity and inclusiveness. We aim to employ the world’s brightest minds to help us create a limitless source of ideas and opportunities. We believe in hiring talented people of varied backgrounds, experiences and styles…people like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.

About the job

This role will be in our Cleveland-based Headquarters. All applicants must be currently residing in Northern OH, or, be willing to relocate to Cleveland. A liberal relocation package is available.

Who We Are:

Park Place Technologies is a global data center and networking optimization firm. Powered by the world’s largest on-the-ground engineering team, a robust group of advanced engineers and our fully staffed, 24x7x365 Enterprise Operations Center, we offer a robust portfolio of IT solutions to optimize networking and data center Uptime and performance. As the industry leader, our 2500 Park Place Associates provide support to 21,000+ customers in more than 154+ countries. We are proud to service 90% of Fortune 500 companies and 40% of Forbes 100 clients.

Top Rated Benefits We Offer:

• Executive benefits package
• We cover 100% of your Healthcare benefits!
• Flexible Vacation to promote work-life balance.
• 12 weeks of Paid Maternity Leave
• Annual Profit Sharing
• 401K matching contributions and earnings are always 100% vested.
• Plus, much more!!!

Position Overview:

The CISO is responsible for maintaining the Park Place Technologies information security program, including our security and risk policies, to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected for our employees and our customers. The CISO will develop and implement effective information security policies and procedures to secure sensitive systems and data as well as oversee the security of systems, data, and activities. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.

What you’ll be doing:

Manage the Information Security Program:

• Provide strategic leadership for risk and compliance programs, IT systems, and security programs.
• Ensure compliance with our chosen information security standards, based upon the NIST Cybersecurity Framework.
• Report on compliance and security metrics to senior business leaders both internal and external.
• Continuously improve our information security awareness training program for all employees and contractors.
• Participate in business and technology projects to ensure the standards of the Information Security Program are considered and in place for all projects.

Lead the Organization:

• Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.
• Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of nondigital risk areas.
• Manage the budget for the information security function, monitoring and reporting discrepancies.
• Coordinate an effective information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring (and conducting background checks), training, staff development, performance management and annual performance reviews.

Determine Strategy:

• Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
• Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.
• Assist in new product development, adjusting our strategy as necessary to recognize new threats introduced with new products.
• Work with senior management to identify, define and confirm the key threats to PPT information assets, internally and externally.
• Identify and champion projects that continuously improve our security stance.

Operate the Function:

• Work with business units to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.
• Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable.
• Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
• Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
• Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
• Oversee external vendors who provide security functions to PPT.
• Maintain, improve and drive strategy to ensure our SOC 2 and ISO 9001 certifications remain compliant.

What we’re looking for:

Required Qualifications:

• Minimum of ten to fifteen years of experience in a combination of risk management, information security and IT jobs (at least five must be in a senior leadership role).
• Five to ten years of information security leadership experience with a SaaS provider.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
• Ability to communicate effectively with external customers, explaining our security posture for PPT products and services in both 1-1 customer meetings and general forums.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Must be a critical thinker, with strong problem-solving skills.
• Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR.
• Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
• Professional security management certification is expected, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Experience with contract and vendor negotiations.
• Excellent stakeholder management skills.
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
• Must be willing to work four days in office (one day remote) each week.

Travel:

• Up to 15%

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by calling 1-877-778-8707.

Park Place Technologies is an Equal Opportunity Employer M/F/D/V.

Park Place Technologies has an in-house recruiting team that focuses exclusively on the hiring needs of our company. We are not currently accepting additional third-party agreements or unsolicited resumes. If you would like to be considered as a preferred partner with Park Place Technologies, please submit your detailed information to careers@parkplacetech.com. Any CVs submitted directly to hiring managers will be considered unsolicited and become the property of Park Place Technologies.