Chief Information Security Officer
New York City, NY, USA | MSCI
IT / Information Technology
Job Description:
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining an Enterprise-wide information security program to ensure MSCI is adequately protected. This position is responsible for setting the overall strategy for information security in alignment with compliance and regulatory requirements, technology and business strategy.
The CISO will lead the efforts of evaluating and reporting information security risks, develop proactive programs to prevent, detect and protect the company’s assets, work proactively with the business and technology teams to implement practices that meet defined policies and standards for information security, and oversee all IT risk management activities. This role serves as the process owner of all ongoing activities related to the availability, integrity, and confidentiality of customers, business partners, employees and business information, in compliance with the organization's information security policies. A key element of this role is to work with executive management to determine acceptable levels of risk for the organization.
The CISO position requires a visionary leader with strong skills in technology and business management. This role requires an integrator of people and processes, a thought leader, a problem solver, an effective consultant and solid domain competency in the field of information security. This role must be highly knowledgeable about the business environment and must ensure that all information systems are maintained in a fully functional, secure mode.
Develop, implement and monitor a strategic, comprehensive enterprise-wide Information Technology security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled or processed by the organization
Develop, maintain and execute a proactive Information Security Strategy that evolves with the business
Provide expert leadership in the development, implementation, and maintenance of an information security program and associated infrastructure which entails the monitoring of information security trends internal and external to the organization and keeping senior management informed about information security-related issues that could affect the organization
Manage the enterprise's IT Security organization, consisting of direct reports and indirect reports (such as individuals in other areas of IT) including providing security guidance, hiring, training, staff development, and performance management
Provide guidance and advocacy regarding prioritization of IT investments and practices that impact information security and risk including the management of the information security budget
Create and manage information security/risk management awareness and training programs for all employees, contractors and approved system users
Identify acceptable levels of risk, while balancing business needs, and establish roles and responsibilities regarding information classification and protection
Responsible for presenting overall IT risk to management and to the MSCI Board of Directors and Audit Committee
Provide strategic and tactical security guidance for all IT projects and practices, including the evaluation and recommendation of technical security and contractual controls. Work with the enterprise architecture and development teams to ensure security is implemented in the strategic architecture and new software development
Ensure that security programs are following applicable laws, regulations, and policies to minimize or eliminate risk and audit findings
Create and facilitate the information security risk assessment and threat and vulnerability processes, including reporting and oversight of remediation efforts to address negative findings
Ensure the Corporation maintains an effective Cybersecurity program to protect critical IT assets and customer and corporate data. Oversee the firm’s Data Protection/Data Privacy program.
Assist various teams in the investigation of security incidents and events to protect corporate IT assets, including intellectual property, confidential data, and other IT fixed assets while protecting the company's reputation. As necessary, lead the real-time management of the firm’s response to and resolution of an IT security event or breach.
Develop operational and strategic relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program
Responsible for the direction, coordination and execution of business continuity and disaster recovery plans with businesses and IT organization
Plan and coordinate internal and third-party led tests, assessments and audits of IT security capabilities. Institute “table top” planning or other readiness practices as appropriate.
Desired experience and qualifications:
Direct experience in leading best-in-class IT security function in high risk exposure industry or environment
Proven ability to operate within the financial services industry
Ability to interact professionally with colleagues and/or customers for different purposes in different contexts
Ability to collaborate across the organization
Maintain composure under pressure
Ability to comprehend and follow verbal or written instructions
Effective verbal and written communication
Certified Information Systems Auditor (CISA) or Certification for the Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)