HomeServe USA

Returning Candidate?

Vice President, Information Security

Vice President, Information Security

Job ID 
2018-2659
Job Locations 
US-CT-Norwalk
Category 
Information Technology

More information about this job

Overview

HomeServe USA, ranked as a 2017 Top Work Place, provides emergency repair plans which are like roadside assistance for your home.  Our vision is to become the top-of-mind solution for consumers when something goes wrong in their home.  Our incredible growth is fueled by a dynamic team who values collaboration, innovation and delivering exceptional customer service, all while working in a fun and friendly environment. HomeServe USA is part of a global organization that serves millions of customers in the US, UK, France, Italy and Spain.  Come see why you should work for HomeServe USA!

Responsibilities

We’re seeking a Vice President, Information Security who is a hands-on leader and who will be responsible for all of our business’ information security, risk, and compliance activities. In this role, you’ll report to the Chief Technology Officer, with visibility and accountability to our executive leadership team as well as our customers. Constant collaboration with the larger technology organization is crucial, and uphold proper compliance and separation of concerns.

Key to this role is the assessment and oversight of all technology-related compliance issues across the organization including information security, privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company's compliance with regulatory, organizational and commercial requirements governing the organization's information technology systems.

This role will also direct and/or influence the development and implementation of policies, procedures and controls to ensure that the organization's security and audit compliance remain in line with US laws, industry standards, and HomeServe PLC Audit recommendations. In this role, you will work directly with non-IT compliance professionals such as finance, marketing, legal, audit and corporate compliance to ensure organizational alignment.

 

  • Assess our development and operation environments to identify risks and gaps related to information security, including potential data breach risks
  • Define, champion, and execute the overall corporate IT security strategy, roadmap and governance structure with the buy-in from operational and business stakeholder
  • Implement all IT security, data breach, and regulatory compliance programs including legal requirements, industry regulations, and best practices.
  • Develop corporate information security and risk policies, training and education. Provide managerial and technical guidance on the development of information security policies, guidelines, standards, procedures, and responsibility designations
  • Ensure business requirements include security requirements, and are aligned with and support security mission, policies and procedures and their relationship to security, privacy and compliance requirements.
  • Oversees security incident response planning and participates in the investigation and reporting of security breaches.
  • Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, legal management, internal/external auditors, etc.
  • Coordinate security readiness activities in concert with the Director of IT Infrastructure to include penetration testing (internal and external), communications networks, voice and voice recording systems, etc.
  • Coordinate audit-related tasks such as ensuring the readiness of IT Directors and their organizations for audit testing and facilitating the timely resolution of any audit findings.
  • Manage the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization.
  • Assist business and IT Directors with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.
  • Conduct vendor assessments and audits for evaluation and tracking of risk
  • Work collaboratively and consult with the Group CISO with regard to the responsibilities and activities of the role. Contribute to the Group governance regime, providing update to maintain visibility of information and cyber security risk management and mitigation as well as improvement activity.
  • Contribute to the definition of HomeServe Group Information and Cyber Security Strategy and work to identify and deliver roadmaps for its delivery.
  • Advise and recommend on the evolution and continuous improvement of Information and Cyber Security frameworks across the HomeServe Group, bringing subject matter expertise as well as providing a wider perspective of the operation and requirements of HomeServe USA.
  • Attend the Group CISO forum meetings.
  • Present annually before the Board
  • Ensure all patches and upgrades to security are monitored and implemented
  • Develop and management of the CISO team

Regulatory Compliance Activities

  • Work with corporate legal and compliance representatives to identify all related IT compliance requirements (i.e., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions.
  • Ensure all related IT compliance policies are updated, based on any relevant regulatory changes or new laws.
  • Create a regulatory change management process that identifies and coordinates the modification of related technological functions, business processes and/or compliance controls.
  • Conduct necessary IT compliance control monitoring and testing activities to determine the effectiveness of the controls.
  • Remediate IT compliance control deficiencies.
  • Coordinate the investigation of any potential unlawful or fraudulent action related to IT compliance, such as the intentional release of privileged information or a related security breach.

Qualifications

Requirements

  • Bachelor's degree in business administration or a technology-related field, or equivalent work or education-related experience.
  • Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.
  • Minimum of 15 years of experience in a combination of risk management, information security and Engineering roles. At least 4 years in a senior leadership role.
  • Relevant experience managing security for companies that leverage cloud technologies and / or offer platform as a service (PaaS) with security commitments to customers and partners.
  • Relevant experience working in the payment industry with a deep understanding of regulatory frameworks such as ISO, PCI DSS, NIST, COBIT, etc.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Must be able to effectively liaise with internal direct reports and senior management as well as internal customers, clients, partners and stakeholders.
  • Proven track record and experience in developing information security policies and procedures.
  • Must be a critical thinker, with strong problem-solving skills.
  • Strong project management, financial/budget management, scheduling and resource management skills.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

In return we offer

  • Competitive compensation
  • Career development and advancement opportunities
  • Business-casual attire throughout the week
  • Friendly, open and team oriented work atmosphere
  • Excellent benefits including generous medical, vision, dental and life & disability insurance
  • 401(k) plan with a company match

 

 

HomeServe USA is an affirmative action / equal opportunity employer.