We’re seeking a Vice President, Information Security who is a hands-on leader and who will be responsible for all of our business’ information security, risk, and compliance activities. In this role, you’ll report to the Chief Technology Officer, with visibility and accountability to our executive leadership team as well as our customers. Constant collaboration with the larger technology organization is crucial, and uphold proper compliance and separation of concerns.
Key to this role is the assessment and oversight of all technology-related compliance issues across the organization including information security, privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company's compliance with regulatory, organizational and commercial requirements governing the organization's information technology systems.
This role will also direct and/or influence the development and implementation of policies, procedures and controls to ensure that the organization's security and audit compliance remain in line with US laws, industry standards, and HomeServe PLC Audit recommendations. In this role, you will work directly with non-IT compliance professionals such as finance, marketing, legal, audit and corporate compliance to ensure organizational alignment.
- Assess our development and operation environments to identify risks and gaps related to information security, including potential data breach risks
- Define, champion, and execute the overall corporate IT security strategy, roadmap and governance structure with the buy-in from operational and business stakeholder
- Implement all IT security, data breach, and regulatory compliance programs including legal requirements, industry regulations, and best practices.
- Develop corporate information security and risk policies, training and education. Provide managerial and technical guidance on the development of information security policies, guidelines, standards, procedures, and responsibility designations
- Ensure business requirements include security requirements, and are aligned with and support security mission, policies and procedures and their relationship to security, privacy and compliance requirements.
- Oversees security incident response planning and participates in the investigation and reporting of security breaches.
- Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, legal management, internal/external auditors, etc.
- Coordinate security readiness activities in concert with the Director of IT Infrastructure to include penetration testing (internal and external), communications networks, voice and voice recording systems, etc.
- Coordinate audit-related tasks such as ensuring the readiness of IT Directors and their organizations for audit testing and facilitating the timely resolution of any audit findings.
- Manage the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization.
- Assist business and IT Directors with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.
- Conduct vendor assessments and audits for evaluation and tracking of risk
- Work collaboratively and consult with the Group CISO with regard to the responsibilities and activities of the role. Contribute to the Group governance regime, providing update to maintain visibility of information and cyber security risk management and mitigation as well as improvement activity.
- Contribute to the definition of HomeServe Group Information and Cyber Security Strategy and work to identify and deliver roadmaps for its delivery.
- Advise and recommend on the evolution and continuous improvement of Information and Cyber Security frameworks across the HomeServe Group, bringing subject matter expertise as well as providing a wider perspective of the operation and requirements of HomeServe USA.
- Attend the Group CISO forum meetings.
- Present annually before the Board
- Ensure all patches and upgrades to security are monitored and implemented
- Develop and management of the CISO team
Regulatory Compliance Activities
- Work with corporate legal and compliance representatives to identify all related IT compliance requirements (i.e., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions.
- Ensure all related IT compliance policies are updated, based on any relevant regulatory changes or new laws.
- Create a regulatory change management process that identifies and coordinates the modification of related technological functions, business processes and/or compliance controls.
- Conduct necessary IT compliance control monitoring and testing activities to determine the effectiveness of the controls.
- Remediate IT compliance control deficiencies.
- Coordinate the investigation of any potential unlawful or fraudulent action related to IT compliance, such as the intentional release of privileged information or a related security breach.