Vice President, Information Security

CFA Institute

Job Description

Posted on: September 17, 2024

Summary and company overview

Summary Information about the Role

The Vice President, Information Security (formal title, Head, Information Security) provides strategy, leadership, and oversight for cyber and information security initiatives across the organization to advance the mission of CFA Institute globally. You will navigate the complex landscape of cybersecurity, directing daily operations and shaping the strategic direction of cybersecurity efforts across the organization. You will influence policy, develop long-range goals, and ensure the seamless integration of cybersecurity measures into our IT infrastructure. This role leads, manages, and coaches a global team to build and deliver industry-leading cyber and information security solutions that are aligned to organizational needs and priorities while fostering a culture of innovation, sustainability, and agility.

This role will be based on the US East Coast (in eligible states) or in the UK and is eligible for flexible working. You will be supported by the Chief Technology Officer.

Company Overview

As the global association of investment professionals, CFA Institute sets the standard for professional excellence and credentials. We champion ethical behavior in investment markets and serve as the leading source of learning and research for the investment industry. We believe in fostering an environment where investors' interests come first, markets function at their best, and economies grow. Spanning nearly 200,000 charterholders worldwide across 160 markets, CFA Institute has 10 offices and 160 local societies. Find us at CFA Institute or follow us on LinkedIn and X at @CFAInstitute.

At CFA Institute, we care about our employees' mental, physical, social, and financial well-being. That's why we are committed to providing a comprehensive, competitive benefits package that offers flexibility to make choices that meet their needs:

  • Health & Well-being benefits that are amongst the best in the industry with full comprehensive Medical, Dental, and Vision for employees and their family members
  • Comprehensive Leave and Time Off plans
  • A focus on Financial Well-being means that we stack our retirement benefits against the most competitive standards.
  • Flexible work arrangements
  • Wellness, Education, and Employee Assistance Benefits

Responsibilities

Responsibilities of the Role

Strategy & Business Engagement

  • Develop and execute a multi-year strategy and roadmap for cyber and information security and technology risk management that drives measurable value for the business
  • Serve as a trusted advisor for business partners, driving strategic discussions and influencing decisions on cyber and information security, resiliency, and technology risk management
  • Maintain exceptional understanding and knowledge of relevant business and technology trends, leading practices, and CFA Institute’s business model to identify opportunities to deliver technology-driven business value.
  • Leverage business acumen to create a bespoke and risk-informed information security strategy, roadmap, and workplan, measured by advanced metrics and risk quantification methods.
  • Create and execute a geopolitical risk-aware information security program for senior leaders and other potentially targeted stakeholders.

Technology Leadership

  • Maintain end-to-end accountability and ownership for cyber and information security strategy and solutions, threat detection and incident response, and IT risk management across the organization while effectively managing and mitigating risks and security requirements.

Cyber and Information Security Leadership

  • Materially improve CFA Institute’s information security culture.
  • Establish, implement, and facilitate an effective enterprise-wide information security governance program and execution plan that ensures the strategic alignment of information security with organizational objectives and drives accountability across the organization.
  • Define, publish, and maintain the information security architecture along with the associated security standards and requirements for IT infrastructure and systems.
  • Identify, evaluate, report, and facilitate mitigation of cyber and information security risks in a manner that builds stakeholder trust and meets compliance and regulatory requirements and aligns with and supports the risk posture of the organization.
  • Engage in regular dialogue with business stakeholders to understand their needs and issues and provide guidance to comply with enterprise security strategy.
  • Continually assess and evaluate emerging threats, assess potential degree of impacts, and prioritize strategic focus areas.
  • Define and maintain enterprise cyber and information security standards, policies, and governance frameworks.
  • Collaborate with corporate and business partners to develop procedures for handling security breaches identified as enterprise-wide.
  • Manage security engineering and security operations, including security tools and processes, threat and vulnerability management, intrusion detection, cyber intelligence, security incident response and forensics, and security event and log management.
  • Oversee and manage a 24/7 Information Security Operations Center.
  • Define, measure, and report on enterprise cyber and information security management Objectives and Key Results (OKRs) and Key Performance Indicators (KPIs), proactively identifying corrective action as required.
  • Manage relationships with owners of surrounding / interfacing solutions to ensure continued integration and minimize change impacts.
  • Materially improve organizational understanding and management of supply chain and other third-party risks.
  • Identify required cyber and information security skills for the organization and provide strategic direction for security awareness and training programs to ensure adoption of secure behaviors and remediation of knowledge and skill gaps.
  • Promote awareness of information security risks and trends. Oversee enterprise-wide information security training and awareness programs.
  • Lead automation of security operations.

Job Requirements

Qualifications of the Role

Required Qualifications

  • Bachelor's degree in computer science, engineering, business, or relevant discipline with 15+ years of experience in an IT executive leadership position in cyber and information security in a global organization, or equivalent combination of education and experience
  • 10+ years of proven leadership in information security, IT operations, and IT risk management, with specific experience delivering in a large, complex, global IT environment
  • Proven experience with Information Security and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC2, SOX, NIST, COBIT and COSO Frameworks
  • Deep experience and knowledge working with industry-leading cyber and information security architectures, platforms, tools, and solution providers
  • Strong understanding of industry and technology leading practices, emerging technologies, behavioral analytics and AI/ML and how to apply them to drive cyber, digital and business transformation
  • Extensive experience implementing lean process design. Scaled Agile Framework (SAFe) certification is a plus
  • Exceptional communications, storytelling and business engagement skills
  • Advanced knowledge and experience in security architecture, cybersecurity, protecting sensitive information, security engineering and operations, security incident response and forensics, and operating a 24x7 information security operations center
  • Demonstrated success leading and executing information security and IT risk management strategies and implementing enterprise-wide IT security technologies
  • Proven ability to effectively partner with business stakeholders to build strong partnerships, foster good governance, ensure strategic business/IT alignment, and transform relationships at the senior level
  • Proficiency in managing risk in IT application delivery environments
  • Strong collaborator with outstanding interpersonal and diplomatic skills, including the ability to facilitate, negotiate, and influence successful outcomes. Ability to influence decision makers through collaboration, education, and working partnerships
  • Demonstrated ability to lead and manage diverse multi-functional teams in multiple locations globally
  • Flexibility in competently juggling competing priorities and changing expectations
  • Ability to handle confidential and sensitive information with a high degree of professionalism
  • Excellent knowledge of Microsoft Office suite

Preferred Qualifications

  • Scaled Agile Framework (SAFe) certification

Travel and Working Requirements

  • Eligible for flexible work arrangements in approved jurisdictions
  • Occasional travel to CFA Institute meetings, events, and testing centers, no more than 10%

Additional Commentary

You can connect with the Recruiter on LinkedIn.

If you feel this opportunity could be the next step in your career, we encourage you to click “Apply” and complete our three-minute application.

To stay up to date on current news and events, follow CFA Institute’s LinkedIn page.

We are an Equal Opportunity Employer. CFA Institute prohibits both discrimination and harassment with regard to all identifying characteristics: any individual employee, group of employees, or prospective employee on the basis of race, color, national origin, citizenship or immigration status, religion, creed or belief, age, marital or partnership status, marital or family status, care giver status, pregnancy and maternity, sexual and other reproductive health decisions, physical abilities/qualities, disability, sexual orientation, gender, gender identity or expression, predisposing genetic characteristic, military or veteran status, status as a victim or witness of domestic violence or sex offense or stalking, unemployment status, infectious disease carrier status, migrant worker status, educational background, socio-economic status, geographic location and culture or any other basis protected by applicable law. This policy impacts all aspects of employment, including but not limited to, recruitment, hiring, compensation, training, development, promotion, demotion, layoff, recall, furlough, transfer, leave of absence, and dismissal. This is a global policy that applies to all CFA Institute employees, regardless of location.

Our application is not compatible with Internet Explorer (IE). We recommend using Chrome.
