Director Information Security

Information Technology, United States


Description

Position at Celebrity Financial

Company Overview:

Celebrity Financial is the ambitiously expanding parent company of multiple businesses across the mortgage, banking, and fintech industries. We are led by a mission to educate and enable financial literacy for all, and driven to improve ourselves, our communities, and our industry. To serve that mission, we are building innovative new companies and financial technologies to break new ground in digital banking, customer-centric mortgage delivery, personalized counseling, and financial education. Celebrity’s core business, driven by a proprietary model rooted in ‘Responsible Autonomy’, is expected to double in size over the next 6-9 months. At the scale of $10 Billion in production, supported by 1200 Team Members, Celebrity will concurrently expand into correspondent lending and Digital Banking spaces.

Position Overview:

Reporting directly to the Chief Information Security Officer, the Director of Information Security will be responsible for enterprise-wide InfoSec activities. This role will ensure security policies and procedures are followed and that time frames are met. This person will also need to mentor and lead the team to develop their own expertise and capabilities for quality of work. Building trust, demonstrating a sense of urgency, and ensuring consistent achievement of quality standards are a must.

Responsibilities:

  • Maintain Information Security policies, develop new procedures and standards as needed. Coordinate and collaborate with domain specialists.
  • Ensure policy content aligns with key control frameworks, particularly NIST Cyber Framework, and key regulations, including the Gramm-Leach-Bliley Act (GLBA) and privacy laws.
  • Perform security risk assessments to identify gaps, develop recommendations, and drive the gaps to completion
  • Perform security compliance audits during M&A
  • Establish and maintain Third-Party Risk Management program including vendor assessment and ongoing third-party risk activities
  • Provide security evaluation of critical vendors
  • Maintain and operate our Information Security Awareness Campaigns and role-based training programs for employees.
  • Develop metrics to track security program effectiveness and to report risk
  • Maintain and respond to security questionnaires from our external Customers
  • Ensure all key testing (tabletops, pentests, etc.) is completed at the appropriate frequency
  • Assist the business in developing appropriate controls built upon external audits, internal audits, MIS, internal control tests, and other methods.
  • Provide subject matter expertise to the organization for new initiatives, systems process enhancements, organic technical maturing, and regulatory requirements.
  • Lead the Incident Response Team through the handling of any information-related incidents.
  • Manage and lead the Information Security Department staff to monitor threats, evaluate risks, recommend mitigation controls, and assist with implementing business and technical controls.

Qualifications:

  • Minimum 10 years of experience in security governance, risk management, compliance, audit, internal controls, or other security-related areas and a minimum of 7-10 years of total work experience
  • Experience in security-related analysis, creating metrics and dashboards and summarizing large data sets
  • Ability to work with both business and technical areas and translate between the two areas
  • Skilled at building rapport and establishing partnerships
  • Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures and cloud computing.
  • Excellent verbal and written communication skills and ability to communicate results to multiple levels of management
  • Demonstrated desire to learn new skills and innovate
  • Agile, proactive, comfortable working with ambiguous specifications, and able to prioritize quickly and effectively
  • Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc.

Celebrity Financial, Inc. is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law.