Chief Information Security Officer - Baltimore

The Head of Information Security (CISO equivalent) at T. Rowe Price is responsible for information security across the enterprise. Reporting to the Head of Technology and working with the firms’ senior management team, the CISO is responsible for developing and executing an enterprise-wide information security and risk management strategy that balances the need to protect T. Rowe Price and its customer’s information, comply with applicable regulatory standards, and implement those strategies in a way that recognizes the need to successfully run the business. The CISO oversees the creation, maintenance and implementation of information security policy, leads information security risk assessment efforts, is responsible for reaction to information security incidents and owns the enterprise information security awareness and training programs. The CISO will lead Information Security strategies and programs that enable T. Rowe Price to conduct business in a secure manner and will be responsible for developing and monitoring practices to ensure that T. Rowe Price’s information assets are secure from unauthorized access, protected from inappropriate altercation, physically secure and available only to authorized users. The CISO is responsible for establishing and maintaining a powerful network of contacts both within the industry and across local, national and international security services (both government and privately funded) in order to proactively react to emerging threats to T Rowe Price’s business in whatever form they may take. The current Information Security team is made up of approximately 50 professional associates and 20 contract resources. Specific Responsibilities: Working in close partnership with T. Rowe Price’s technology and business leaders across the organization, the successful candidate will be responsible for: • Architecting, designing, building and maintaining an environment that safeguards T. Rowe Price information assets. • Ensuring security governance for T. Rowe Price through the maintenance of information security policies, standards, and guidelines. • Developing an enterprise information security architecture and roadmap that is capable of scale, identifying potential areas of risk while meeting business, information security needs, and protecting customer information. • Recruiting, mentoring, developing and retaining a staff of information security technology professionals to support and drive continued growth of the organization. • Building and maintaining a network of peers throughout the industry and across national and international security services in order to monitor information security trends internal and external to T. Rowe Price keeping senior management informed about information security-related issues and activities affecting the organization. • Providing input to executives to ensure T Rowe Price’s information security posture is represented accurately to the public in a way that is consistent with the firms’ values and brand. • Serving as a subject matter expert in the development, implementation, and maintenance of the information security infrastructure. • Developing an ever more capable internal team through a combination of developing internal associates and selectively seeking to recruit the very best external resources. • Developing, publishing, educating and maintaining comprehensive enterprise-wide information security strategy, plans, policy, procedures, and guidelines. • Advising senior management on risk issues that are related to information security and recommending actions in support of the company’s wider risk management programs. • Working with the Audit department to ensure that the various lines of business include information security protection in both ongoing and planned operations. • Working with application design and development groups, and the IT  infrastructure team, to ensure that best practices are developed and followed for; • Vendor evaluation and purchases • Defensive code development • Use of Open source components • Data encryption and masking practices • Mobile and cloud services usage The Ideal Candidate is : Currently leading a significant security organization with the Financial Services industry and has an established network of industry and law enforcement relationships. Currently a team builder, team player, influencer, and a leader.  They have the personal drive, passion and enthusiasm to both understand and successfully navigate a company undergoing meaningful transformations in both technology and business lines. Improving results in a challenging environment who takes accountability for security. Improving performance and driving high performance in their current team. Developing effective internal and external relationships across divisional boundaries and demonstrates they can make and influence decision making within a complex corporate culture. Previous Experience and Education: A minimum 10+ years of technology leadership experience, with specific focus on Information Security. The successful candidate will have a deep and fundamental technology heritage that will enable them to garner the respect of top security technologists as well as the top leaders and technologists within the financial industry. A track record of success in complex environments where technology is critical to the business. Experience recruiting, building and leading world-class technology teams of significant scale. An ability to flex styles to work well with a range of personalities from extremely technical team members, to non-technical business leaders. Experience communicating information security related concepts to a broad range of technical and non-technical audiences. Demonstrated success in establishing executive relationships and influencing executive decision-making of business and technology leaders. Exceptional communication skills necessary to advise and influence senior management, the Board of Directors and external organizations. Demonstrated and deep understanding of enterprise-wide multiplatform operating system security, network security, application security, database security, regulatory compliance, risk management, etc. A track record of assessing threat and vulnerability from a business as well as a technical perspective and the ability to develop and champion appropriate, effective, and timely security architectures and solutions that support growth of the firm’s business. T. Rowe Price is an Equal Opportunity Employer

Expired, click here to search for relevant jobs

Around the Network