Job Description
POSITION SUMMARY: The VP, Chief Information Security Officer (CISO) is responsible for defining and executing the enterprise cybersecurity strategy for FPI (Financial Partners Inc), ensuring alignment with business objectives, regulatory expectations, and the organization’s commitment to customer trust. Serving as a key member of the leadership team, this role advises executive management and the Board on cybersecurity risks, emerging threats, and risk posture. Operating within a complex financial services environment, the CISO oversees security engineering, security operations, governance, risk and compliance (GRC), and security architecture across a hybrid infrastructure that includes cloud, on-premise systems, modern application development, and third-party integrations. The role carries accountability for building and leading high-performing teams, managing budget and resources, and driving the execution and continuous maturity of the enterprise security program.

DUTIES AND RESPONSIBILITIES:
· Lead enterprise-wide cybersecurity strategy aligned to business growth and technology modernization
· Oversee cloud security, application security, Descopes, and data protection strategies
· Own incident response, crisis management, and breach response coordination
· Provide regular strategic briefings to executive leadership and Board of Directors
· Develop and track cybersecurity KPIs/KRIs and program maturity (e.g., NIST CSF)
· Oversee third-party and supply chain security risk management
· Partner with business leaders to enable secure product and service delivery
· Develop and maintain an Information Security program for a large Financial Services technology provider.
· Develop information security policies, practices, and recommendations for technology enhancements as necessary to reflect changing technology trends and security initiatives.
· Develop standards for security administration to be used within FPI and partner associations.
· Coordinate the development and implementation of a security awareness program to inform internal and association partner employees about security issues.
· Perform security risk assessment, testing, and monitoring of security programs and policies, and work with the Head of Internal Audit to ensure that the target results meet the expectations of our regulators and customers.
· Oversee preparation of the Information Technology Risk and Security Risk Assessment, including a cyber-security assessment.
· Responsible for the overall internal controls framework, including testing controls to support all audit activities including SOC (Standards of Conduct).
· Recommend improvements, modifications, and new procedures to mitigate risk and address inadequate or weak controls.
· Provide enterprise-level reporting that gives leadership and the Board insight into the organization’s risk posture.

ADDITIONAL RESPONSIBILITIES
· Work with the CTO to ensure that the security architecture design is appropriate for all major technology infrastructure and application system development projects.
· Complete pre-implementation and post-implementation security assessments of technology infrastructure and application development projects.
· Maintain current knowledge on evolving information security issues and legislation. Apply new concepts to the FPI environment.
· Support the internal audit function through the development and implementation of an information security risk assessment program (security risk assessment, testing, and monitoring).
· Other tasks as assigned.

MINIMUM KNOWLEDGE AND EDUCATION REQUIREMENTS:
· Bachelor’s degree with typically at least 15 years of experience related to the duties and responsibilities specified.
· CISSP (Certified Information Systems Security Professional), CISM or similar certification is required.
· Master’s degree in business, technology, or related field highly desired.
· Expert on current technological trends and developments in information security with a deep understanding of Financial Services Information Security standards, regulations, and best practices.
· Expert level knowledge of IT (Information Technology) security products and techniques, network infrastructure, applications, and equipment pertinent to a large, distributed, heterogeneous computing environment.
· Must possess advanced verbal and written communication skills to provide technical guidance and leadership to professional personnel in security areas.
· Strong interpersonal skills and the ability to work effectively with a wide range of constituencies in a diverse community.

MANAGERIAL FUNCTIONS
· Oversee daily team operations to ensure alignment with organizat