Vice President, Security Assurance

Information Technology Opportunity in Financial Services


Location: 20 E. Thomas Road, Phoenix, AZ  85012

INTERNAL APPLICANTS:  All qualified internal applicants, irrespective of location, will be considered for all internally posted roles at this time.  Compensation range displayed in internal postings is the national average, and compensation decisions will be employee-location based. 

Summary:

The VP, Security Assurance will direct the development and management of the Information Security Assurance and Security Awareness programs for Advisor Group.  Our selected candidate will provide vision and leadership for developing and supporting initiatives in the areas of technology security reviews and training.  The VP is responsible for directing information security controls by conducting periodic risk assessments to ensure that legal, regulatory and audit requirements are met.  This role provides guidance and facilitation for business practices related to external security and privacy reviews across the company, relying on legal counsel, treasury, risk management and internal audit as resources.  Additionally, the VP of Security Assurance will provide the vision and leadership for developing and supporting security initiatives in the areas of Security Assurance and Awareness.  This role will direct the planning and implementation of the security awareness and security assurance programs.  In addition, this candidate will be responsible for implementing and improving assurance processes through technology platforms and automation such as GRC, IAM, and operations.

A successful candidate will be passionate about protecting data and critical assets to ensure Advisor Group maintains a strong brand in the industry.  In addition, the candidate will demonstrate competencies in security assurance methodologies and implementation of such platforms, data protection and privacy, application and network architecture frameworks, and the risk management lifecycle.

This position will report to the Chief Security, Privacy, and Data Officer.

Responsibilities:

  • Participate as a member of the security management team in governance processes of the organization’s security strategies and lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security strategies in the areas of Assurance and Awareness.
  • Develop and communicate security strategies and plans to executive team, staff, partners, customers, and stakeholders.
  • Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
  • Specify the security requirements for, and audit the proper administration of, the facility’s security systems and their corresponding equipment or software ensuring that facilities, premises, and equipment adhere to all applicable technology policy, laws and regulations.
  • Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations falling within the designated area of responsibility.
  • Interacts with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
  • Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, ISO, NIST 800-53, etc.
  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly determine, evaluate, and report on technology risk levels.
  • Effectively engages Advisor Group stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Maintain Advisor Group IT Security Policies and IT Security Standards.
  • Maintain and enforce the Advisor Group IT Security exception process. Track progress and validate the completion of remediation plans.
  • Designs, operates, and reports on all aspects of its governance framework, including development of governance templates, standards, guidelines, and tracking of key performance indicators.
  • Contribute to the establishment of metrics and tools to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner.
  • Perform risk analytics and reporting to identify potential patterns, trends as well as target areas for proactive focused deep dive assessments.
  • Coordinate and support security audits and assessments to evaluate policy compliance and existing defenses and to identify vulnerabilities.
  • Advise management on industry developments in business practice, technology, security issues and legislation that impact the company’s security policy.
  • Manages the Security Awareness Program for the firm.
  • All other duties as assigned.

Education & Experience Requirements:

  • Bachelor’s degree in Information Technology or related field is preferred.  High school diploma (or equivalent) in combination with 5+ years of technical experience in an information security role will be considered.  Minimum of high school diploma or equivalent is required.  

Basic Requirements:

  • Experience with daily IT operations and best practice frameworks (ISO 27001/2, CIS Critical Controls, NIST 800-73, etc.) in one or more areas, such as system administration, networking and information security.
  • Experience in evaluating, developing and implementing vendor risk assessment and mitigation solutions
  • Demonstrated capability to understand and negotiate legal contractual language and effectively communicate with legal attorneys, business sponsors and sourcing teams.
  • Experience with data and analytics
  • Experience creating and utilizing KPIs and KRIs
  • Experience with dashboards and data visualization tools
  • An understanding of various data protection laws (e.g. GLBA, GDPR, CCPA, etc.)
  • Knowledge of risk data architecture and technology solutions
  • Skilled at building strong relationships, both internally with business and technology leaders and other leaders of the information security team, and externally with service providers and business partners
  • Excellent communication skills, including presentation, written and verbal.
  • Strong documentation, planning, negotiation, work prioritization and organizational skills.
  • Strong analytical skills
  • Able to work independently and be a self-starter; managing multiple tasks according to priorities; results oriented and proven ability to meet deadlines

Preferred Requirements:

  • Working knowledge of legislative and financial regulatory compliance is preferred
  • At least one active security/privacy certification (example: CISSP, CRISC, CISA, CISM, CIPP)

Be A Part Of The Team Behind Our Success!

At Advisor Group, we support more than 11,000 financial advisors, the people who help everyday Americans achieve their dreams. We’re a billion-dollar business with the mentality and drive of a startup. Join us in building something special.

Equal Opportunity Employer

Advisor Group is an equal opportunity employer. We celebrate diversity in our workplace and we hire the most qualified candidates without regard for age, ethnicity, gender, gender identity or expression, language differences, nationality or national origin, family or marital status, physical, mental, and developmental abilities (or the perception of a disability), genetic information, race, religion or belief, sexual orientation, skin color, social or economic class, education, work and behavioral styles, political affiliation, military service, caste, or any other characteristic protected by law.

Eligibility

Applicants for employment in the US must have valid work authorization that does not now and/or will not in the future require sponsorship of a visa for employment authorization in the US by Advisor Group.

Unqualified Applications

Advisor Group does not consider applications from candidates who do not meet the minimum qualifications stated in the job posting.

Recruiting Agencies

Advisor Group only accepts candidates from contracted recruiting firms and only for searches approved prior to submissions. Fees will not be paid for unsolicited submissions.