Apply Now

Chief Information Security Officer

New York City, NY, USA | MSCI

  • Industry:
    Financial Services
  • Position Type:
  • Functions:
    General Management
    IT / Information Technology
    Risk Management
  • Experience:
Job Description:
100 people have viewed this job

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining an Enterprise-wide information security program to ensure MSCI is adequately protected. This position is responsible for setting the overall strategy for information security in alignment with compliance and regulatory requirements, technology and business strategy. 

The CISO will lead the efforts of evaluating and reporting information security risks, develop proactive programs to prevent, detect and protect the company’s assets, will work proactively with the business and technology teams to implement practices that meet defined policies and standards for information security and oversees all IT risk management activities. This role serves as the process owner of all ongoing activities related to the availability, integrity, and confidentiality of customers, business partners, employees and business information, in compliance with the organization's information security policies. A key element of this role is to work with executive management to determine acceptable levels of risk for the organization.

The CISO position requires a visionary leader with strong skills in technology and business management. This role requires an integrator of people and processes, a thought leader, a problem solver, an effective consultant and solid domain competency in the field of information security.This role must be highly knowledgeable about the business environment and must ensure that all information systems are maintained in a fully functional, secure mode.


Develop, implement and monitor a strategic, comprehensive enterprise-wide Information Technology security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled or processed by the organization

Develop, maintain and execute a proactive Information Security Strategy that evolves with the business

Provide expert leadership in the development, implementation, and maintenance of an information security program and associated infrastructure which entails the monitoring of information security trends internal and external to the organization and keeping senior management informed about information security-related issues that could affect the organization

Manage the enterprise's IT Security organization, consisting of direct reports and indirect reports (such as individuals in other areas of IT) including providing security guidance, hiring, training, staff development, and performance management

Provide guidance and advocacy regarding prioritization of IT investments and practices that impact information security and risk including the management of the information security budget

Create and manage information security/ risk management awareness and training programs for all employees, contractors and approved system users

Identify acceptable levels of risk, while balancing business needs, and establish roles and responsibilities regarding information classification and protection

Responsible for presenting overall IT risk to management and to the MSCI Board of Directors and Audit Committee

Provide strategic and tactical security guidance for all IT projects and practices, including the evaluation and recommendation of technical security and contractual controls.Work with the enterprise architecture and development teams to ensure security is implemented in the strategic architecture and new software development,

Ensure that security programs are following applicable laws, regulations, and policies to minimize or eliminate risk and audit findings

Create and facilitate the information security risk assessment and threat and vulnerability processes, including reporting and oversight of remediation efforts to address negative findings

Ensure the Corporation maintains an effective Cybersecurity program to protect critical IT assets and customer and corporate data.Oversee firm’s Data Protection/Data Privacy program.

Assist various teams in the investigation of security incidents and events to protect corporate IT assets, including intellectual property, confidential data, and other IT fixed assets while protecting the company's reputation.As necessary, lead the real-time management of firm’s response to and resolution of an IT security event or breach.

Develop operational and strategic relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program

Responsible for the direction, coordination and execution of business continuity and disaster recovery plans with businesses and IT organization

Plan and coordinate internal and third-party led test, assessments and audits of IT security capabilities.Institute “table top” planning or other readiness practices as appropriate.

Desired experience and qualifications:

Direct experience in leading best-in-class IT security function in high risk exposure industry or environment

Proven ability to operate within the financial services industry

Ability to interact professionally with colleagues and/or customers for different purposes in different contexts

Ability to collaborate across the organization

Maintain composure under pressure

Ability to comprehend and follow verbal or written instructions

Effective verbal and written communication

Certified Information Systems Auditor (CISA) or Certification for the Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

Other companies hiring with Ivy Exec

 Company Logos