Head of Enterprise Information Risk Management
As part of this significant modernization effort, MassMutual seeks a progressive and dynamic Chief Information Security Officer (CISO) to lead the evolution of the information security capability against a backdrop of significant digital transformation within the company. The Chief Information Security Officer will report directly to the Head of ETX (Enterprise Technology & Customer Experience).
The Chief Information Security Officer will work in close partnership with leadership to develop and proliferate an enterprise cyber security posture, ensuring that emerging technological and business capabilities are secure and anticipating risks without impeding MassMutual’s commercial or technological goals. The CISO will serve as both an operator and an influencer, creating an environment of collaboration across entities by setting a strategic vision and ensuring adherence to standards, while elevating and strengthening the collective information security capability.
KEY RELATIONSHIPS
Reports to
Head of Enterprise Technology and Experience
KEY RESPONSIBILITIES
- Identify information security and risk priorities by assessing the current environment, monitoring potential threats, identifying trends, assessing system vulnerabilities, conducting regular and ongoing monitoring of organizational compliance with standards and policies, and recommending courses of action to key stakeholders.
- Based on the current state cyber capability, set a strategic vision for evolving the program to address existing and potential threats in the context of shifting commercial priorities.
- Act as a business owner for information risk and cyber security, dimensioning appropriate financial and risk tolerances to support responsible but innovative business growth.
- Manage third party and vendor partnerships in support of necessary capabilities.
- Continually benchmark MassMutual’s information risk program to the industry.
- Lend cyber expertise in commercial discussions and support the business in their ability to understand and articulate cyber security concepts to the market.
- Assist commercial leaders in sales activities that require expertise in the area of cyber risk management; and host existing and potential customers for cyber briefings and audits.
- Provide guidance and counsel to key stakeholders, including the CIO and Head of Digital and Customer Experience, working closely to define objectives for information security, while building relationships and goodwill.
- Update and educate Board of Directors on current cyber threats, issues, and risks. Provide regular status updates on progress and status of initiatives and operations.
- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
- Stay abreast of information security issues and regulatory changes affecting the company. Participate in industry forums and represent MassMutual as a thought leader on cyber security. Maintain knowledge of current security industry trends, government regulations, and advancements in information security by researching technical publications and holding membership in professional associations, so as to maintain high-quality, current expertise in security practices and technologies.
- Develop a mature and agile information security program by defining and implementing risk assessment processes, providing oversight and reporting of improvement plans and corrective actions, providing clarity of ownership and accountability and ensuring adaptability to meet changing requirements, mitigate risks, strengthen defenses and reduce vulnerabilities.
- Maintain an understanding of business requirements and identify security risks that threaten those business operations.
- Work with business owners to identify and implement controls to detect and mitigate threats to company information assets to protect against significant financial loss.
- Manage a staff of technical and professional co-workers with a diversity of skills and experience levels. Ensure staff is knowledgeable and cross-trained and that opportunities are afforded to staff to develop and maintain their skills at the highest standards. Foster, through mentoring and leadership, critical and independent thinking skills and behaviors in staff.
DESIRED OUTCOMES
- Evolve the information risk and security program from reactive to proactive and progressive in terms of people, process and technology.
- Develop and deliver a comprehensive information security strategy and vision for the firm's near and long-term business needs in a dynamic cyber climate.
- Create a collaborative environment where information security is seen as an enabler to the business rather than an impediment.
REQUIRED SKILLS AND COMPETENCIES
The CISO is responsible for the business processes, data, and technologies used to identify, monitor, defend against and respond to breaches of the risks and controls associated with MassMutual’s activities and services.
IDEAL EXPERIENCE
- 10+ years of information risk management and security leadership experience, ideally in a complex, matrixed environment.
- Demonstrated ability to lead multiple, concurrent security initiatives, both internal and market facing.
- Ability to partner with other technical groups, business units, and industry and external partners.
- Demonstrated knowledge of modern software engineering methodologies, information technology infrastructure and technology architecture.
- Commercially oriented, with demonstrated experience as a partner to the business.
- Bachelor’s degree required; Master’s degree in information technology, business administration or a related field is preferred.
CRITICAL LEADERSHIP CAPABILITIES
Leading Change
- Communicates new direction or changes with clear rationale and appeal.
- Advocates for the new direction and takes it on board personally, even when this counters conventional practice.
- Speaks at all available opportunities about future direction.
- Adjusts communication style to changing situations and to audience concerns (including culture, background, or style).
Collaborating and Influencing
- Negotiates with a genuine give-and-take approach, where both act as true peers and decisions are shared.
- Spends time identifying all stakeholders necessary and meets or connects with all of them, neglecting no one to shape a collective consensus.
- Identifies opportunities to build relationships that will help others achieve their objectives and reaches out to those people or new people.
Strategic Thinking
- Explains specifically how changes in competitors, clients, and market segments affect own business or institution.
- Translates broad corporate strategies into clear, specific objectives and plans for units and individuals.
- Creates plans that address specific segments or that contrast the local market with other locations or segments.
- Thinks 2-3 years ahead.