The Company
Common Securitization Solutions (CSS) is seeking an experienced VP, Chief Information Security Officer (CISO) to join our team of talented professionals. This is a full-time remote opportunity.
CSS built and operates the largest and most advanced mortgage securitization platform in the world, supporting the Uniform Mortgage-Backed Security (UMBS) of Fannie Mae and Freddie Mac.
Supporting 70% of the mortgage-backed securities in the market, CSS provides best-in-class single-family issuance, bond administration, disclosure, and tax services. We support a broad portfolio of products for our clients with full lifecycle management.
Our market-leading, cloud-based, end-to-end platform executes transactions on an extraordinary scale which has bolstered liquidity in the secondary mortgage market, one of the largest and most important financial markets in the world. Our unique approach to securitization combines the best minds in financial services with the know-how, flexibility, and innovation of leading technologists.
RESPONSIBILITIES
Job Information
As a senior member of the IT leadership team, the CSS VP, Chief Information Security Officer (CISO) is responsible for establishing and maintaining a corporate-wide Information Security management program, socializing and driving adoption of the appropriate Information Security processes and policies, and ensuring the adequate protection of CSS data, users, and cloud-based software solutions and services.
The CISO is a key leadership role for the Company, reporting to the CTO. With the empowerment and support of the CTO, the role interacts with and influences the CEO and other members of the Executive Committee, Board Members, Regulators and Industry participants on a regular basis, exhibiting advanced leadership and communication skills. The role is also expected to enable and develop a high-functioning team, leading by example, setting strategy and serving as a role model.
The CISO will participate as a key member in internal and tri-party (Fannie Mae and Freddie Mac) committees and forums considering a variety of technology and business-related matters such as resiliency, crisis management, scenario response planning, artificial intelligence and change management. The role collaborates closely with internal and external stakeholders to ensure compliance with established risk and regulatory policies.
Key Job Functions
- Develop and communicate a strategic cybersecurity vision aligned with the overall business objectives.
- Implement and monitor a comprehensive enterprise Information Security and IT risk management program integrated with architecture and operations disciplines.
- Partner with executive management, Enterprise Risk Management, Compliance, Internal Audit, and external Regulators and audit personnel, to discern acceptable levels of risk for the organization.
- Collaborate closely with GSE counterparts, regulators, and other governing agencies regarding intelligence of potential threats and the appropriate response level.
- Provide leadership to the enterprise's Information Security organization through leading, mentoring, and inspiring a high-performing, collaborative cybersecurity team.
- Understand and interact with business, corporate, and technology disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
- Partner with contributors across the company to raise awareness of risk management concerns.
- Oversee planning and execution of necessary vulnerability audits, penetration testing or forensic IT audits and investigations.
- Oversee integration of new IT Systems Development with the overall IT, Data, and Information Security policies.
- Monitor compliance with the organization's Information Security policies and procedures among employees, contractors, alliances, and other third parties.
- Ensure the Information Security program has the necessary controls, controls are active and exercised, and run exercises to ensure controls work as expected.
- Ensure data loss and fraud prevention policies and procedures are effective and followed and advise on vendor risk and data/fraud exposure.
- Conduct investigations and forensics in the event of a security breach, execute preventative measures, and report to the executive team and the board.
- Lead and manage the Cyber Security team to automate security processes, enhancing efficiency and accuracy.
- Stay abreast of emerging security threats and technologies, providing strategic guidance on evolving security trends.
- Prepare and deliver Info Sec updates and materials for our Board and executive team periodically.
- Partner with CISO community to share standard methodologies.
QUALIFICATIONS
Education
- Bachelor's degree in Computer Science, Information Technology Engineering, or related field.
Minimum Experience
- Minimum of 15 years of experience in a combination of risk management, Information Security and IT jobs; prior experience heading an Information Security organization.
- Professional security management certification.
- Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. CSS does not offer H-1B sponsorship for this position.
Specialized Knowledge & Skills
- Knowledge of common Information Security and information risk management frameworks.
- Experience and deep knowledge of cloud-based services and related cybersecurity best practices.
- Experience managing varied key stakeholders, both internal and external to the organization.
- Experience and knowledge in software development practices.
- Experience with integrating functional security metrics into an enterprise risk management context.
- Experience working in a highly regulated entity.
- Experience managing departmental budgets.
- Experience with contract and vendor negotiations and management including managed services.
- Innovative thinking and leadership with an ability to lead and motivate multi-functional, interdisciplinary teams under a variety of circumstances.
- Ability to effectively communicate with and influence senior level management and key stakeholders.
- Excellent written, verbal, and inter-personal communication skills and high level of personal integrity.
Pay Range $297,000 to $328,000
CSS's pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) a candidate's qualifications, skills, competencies, and experience, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law. CSS offers a competitive total compensation package, which includes a performance bonus, 401k match, healthcare coverage, PTO, and a broad range of other benefits.
Employment
As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.
Common Securitization Solutions is an Equal Opportunity Employer.
Employment Type: FULL_TIME