
VP, Chief Information Security Officer

Northwestern Mutual
United States, Wisconsin, Milwaukee
720 E Wisconsin Ave
Jul 23, 2025

Summary

The Chief Information Security Officer (CISO) is accountable for assessing, sustaining, and maturing Northwestern Mutual's enterprise-wide information risk management and cyber security practice. This executive leadership role champions a security-first, integrated risk culture, ensuring effective technical and administrative controls are embedded in IT and the business. As the leader of the enterprise's second line of defense, this role is responsible for proactively assessing, prioritizing, and sequencing the treatment of cyber threats and information security risks to ensure ongoing compliance and alignment with industry standards and regulations. Additionally, the CISO advises and influences executive leadership and the Board of Trustees on all matters related to information security.

Primary Duties & Responsibilities

  • Experienced technology leader with deep financial skills, capable of developing a comprehensive and fiscally balanced investment plan and of managing a deeply talented Information Security organization, with proven leadership skills in a complex, relationship-driven operating culture and a proven track record of leading beyond their core domain and operating as a bar raiser for the entire technology ecosystem.

  • Sustaining and maturing the enterprise-wide information risk management and cyber security practice, facilitating information security governance topics and status, establishing risk tolerances/acceptances, and investment in mitigation.

  • Defining and managing top IT risk reductions through design validation and testing control effectiveness, as well as leading programs to consume and synthesize threat intelligence, monitor emergence of threats and vulnerabilities, and drive appropriate treatments.

  • Maturing Northwestern Mutual's Information Protection Program by continually assessing control effectiveness against current and emerging threats and partnering with technology leaders to deploy and operate effective controls with measurable outcomes expressed in well-defined metrics, goals, and OKRs.

  • Leading and developing teams accountable for threat modeling, information security policy, standards/controls, strategy/operations, risk governance, attack simulation, and incident response.

  • Socializing and measuring adherence to enterprise cyber security risk posture through information security resources and capabilities to defend the enterprise and react as our environment changes.

  • Building an integrated risk culture by partnering with leaders enterprise-wide to ensure alignment, strong tone at the top, and advocacy and adherence across the workforce.

  • Fostering a rewarding employee experience based on opportunities to grow, attracting and retaining high performing and diverse talent and building Northwestern Mutual's brand in the industry.

  • Providing expertise to multiple enterprise governance functions including third-party risk, data governance, privacy, etc.

Qualifications

  • A minimum of 10 years of experience in information security or risk management; relevant certifications such as CISSP, CISM, and/or CISA a plus.

  • Leadership experience in a large, complex organization including budget management and resource allocation.

  • Exceptional leadership, communication, and interpersonal skills.

  • Ability to work collaboratively across interdisciplinary teams and manage relationships across multiple areas of the business, including Software Engineering, Infrastructure, Cloud, Audit, Privacy, Compliance, Trustees and other executive stakeholders.

  • Ability to effectively lead change and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

  • Ability to think strategically and align information security initiatives with business goals.

  • Ability to translate technical cybersecurity issues/concerns into potential business implications that are meaningful to executive leadership.

  • Strong understanding of compliance frameworks and regulations such as NIST (800-171, CSF), SOC 2, SOC 3, HIPAA/HITECH, 23 NYCRR 500.

  • Experience in project delivery methodologies and processes such as Scrum, Agile, SAFe, Lean.

  • Bachelor's degree with emphasis in MIS, Computer Science or other computer/business related discipline.

Compensation Range:

Pay Range - Start:

$308,000.00

Pay Range - End:

$572,000.00

Geographic Specific Pay Structure:

We believe in fairness and transparency. It's why we share the salary range for most of our roles. However, final salaries are based on a number of factors, including the skills and experience of the candidate; the current market; location of the candidate; and other factors uncovered in the hiring process. The standard pay structure is listed, but if you're living in California, New York City or other eligible location, geographic specific pay structures, compensation and benefits could be applicable.

Job Posting End Date:

08/29/2025

The timeline for this job posting may be shortened or extended based on organizational needs.

Grow your career with a best-in-class company that puts our clients' interests at the center of all we do. Get started now!

Northwestern Mutual is an equal opportunity employer who welcomes and encourages diversity in the workforce. We are committed to creating and maintaining an environment in which each employee can contribute creative ideas, seek challenges, assume leadership and continue to focus on meeting and exceeding business and personal objectives.

FIND YOUR FUTURE

We're excited about the potential people bring to Northwestern Mutual. You can grow your career here while enjoying first-class perks, benefits, and our commitment to a culture of belonging.


  • Flexible work schedules
  • Concierge service
  • Comprehensive benefits
  • Employee resource groups