Executive Director/Managing Director, Chief Information Security Officer
About MSCI

For more than 40 years, MSCI’s research-based indexes and analytics have helped the world’s leading investors build and manage better portfolios. Clients rely on our offerings for deeper insights into the drivers of performance and risk in their portfolios, broad asset class coverage and innovative research. Our line of products and services includes indexes, analytical models, data, real estate benchmarks and ESG research. MSCI has $1.5 Billion of software and content-based products and services. MSCI serves 98 of the top 100 largest money managers, according to the most recent P&I ranking.
For more information, visit us at www.msci.com.

Position overview:

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining an enterprise-wide information security program to ensure MSCI is adequately protected. This position is responsible for setting the overall strategy for information security in alignment with compliance and regulatory requirements, technology and business strategy. The CISO will lead the efforts of evaluating and reporting information security risks, develop proactive programs to prevent, detect and protect the company’s assets, work proactively with the business and technology teams to implement practices that meet defined policies and standards for information security, and oversee all IT risk management activities. This role serves as the process owner of all ongoing activities related to the availability, integrity, and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies. A key element of this role is to work with executive management to determine acceptable levels of risk for the organization.

The CISO position requires a visionary leader with strong skills in technology and business management. This role requires an integrator of people and processes, a thought leader, a problem solver and an effective consultant with solid domain competency in the field of information security. The CISO must be highly knowledgeable about the business environment and must ensure that all information systems are maintained in a fully functional, secure mode.
Responsibilities:

- Develop, implement and monitor a strategic, comprehensive enterprise-wide Information Technology security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled or processed by the organization.
- Develop, maintain and execute a proactive Information Security Strategy that evolves with the business.
- Provide expert leadership in the development, implementation, and maintenance of an information security program and associated infrastructure, which entails monitoring information security trends internal and external to the organization and keeping senior management informed about information security-related issues that could affect the organization.
- Manage the enterprise's IT Security organization, consisting of direct reports and indirect reports (such as individuals in other areas of IT), including providing security guidance, hiring, training, staff development, and performance management.
- Provide guidance and advocacy regarding prioritization of IT investments and practices that impact information security and risk, including the management of the information security budget.
- Create and manage information security/risk management awareness and training programs for all employees, contractors and approved system users.
- Identify acceptable levels of risk, while balancing business needs, and establish roles and responsibilities regarding information classification and protection.
- Present overall IT risk to management and to the MSCI Board of Directors and Audit Committee.
- Provide strategic and tactical security guidance for all IT projects and practices, including the evaluation and recommendation of technical security and contractual controls.
- Work with the enterprise architecture and development teams to ensure security is implemented in the strategic architecture and new software development.
- Ensure that security programs follow applicable laws, regulations, and policies to minimize or eliminate risk and audit findings.
- Create and facilitate the information security risk assessment and threat and vulnerability processes, including reporting and oversight of remediation efforts to address negative findings.
- Ensure the Corporation maintains an effective Cybersecurity program to protect critical IT assets and customer and corporate data.
- Oversee the firm’s Data Protection/Data Privacy program.
- Assist various teams in the investigation of security incidents and events to protect corporate IT assets, including intellectual property, confidential data, and other IT fixed assets, while protecting the company's reputation.
- As necessary, lead the real-time management of the firm’s response to and resolution of an IT security event or breach.
- Develop relevant operational and strategic metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
- Direct, coordinate and execute business continuity and disaster recovery plans with the businesses and the IT organization.
- Plan and coordinate internal and third-party-led tests, assessments and audits of IT security capabilities.
- Institute “table top” planning or other readiness practices as appropriate.
Desired experience and qualifications:

- Direct experience in leading a best-in-class IT security function in a high-risk-exposure industry or environment
- Proven ability to operate within the financial services industry
- Ability to interact professionally with colleagues and/or customers for different purposes in different contexts
- Ability to collaborate across the organization
- Ability to maintain composure under pressure
- Ability to comprehend and follow verbal or written instructions
- Effective verbal and written communication
- Certified Information Systems Auditor (CISA) or Certification for the Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

Due to the great number of applications we receive for each of our open vacancies, we are unable to respond on an individual basis.
To all recruitment agencies: MSCI does not accept unsolicited CVs/Resumes. Please do not forward CVs/Resumes to any MSCI employee, location or website. MSCI is not responsible for any fees related to unsolicited CVs/Resumes.

MSCI Inc. is an equal opportunity employer committed to diversifying its workforce. It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, gender, gender identity, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy (including unlawful discrimination on the basis of a legally protected pregnancy/maternity leave), veteran status, or any other characteristic protected by law.