Director Information Security/CISO (Hybrid)

M Financial Group · Portland OR

Company

M Financial Group

Location

Portland OR

Type

Full Time

Job Description

M Financial Group is a community of leaders comprising the best and brightest minds in our industry. By combining individuals' expertise and skill, M Financial Group has become a powerful force committed to advancing the interests of our industry, communities, and clients for over 40 years. M's solutions are rooted in the diverse expertise of our team, our collaborative approach to innovation and our comprehensive support.

We embrace a progressive, dynamic mindset for every role. M Financial Group provides a professional community that actively supports individuals with diverse backgrounds and perspectives who come together to build and support best-in-class solutions. If you're looking to be a part of a high performing, collaborative, and dedicated team, M Financial Group is in search of a Director Information Security & Chief Information Security Officer to join our team.

The Director Information Security & Chief Information Security Officer serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are protected. It also consists of leading and guiding the work of technical staff, serving as a liaison between business and technology, planning project stages and assessing business implications for each stage, and monitoring progress to assure deadlines, standards and cost targets are met. The CISO will also prioritize and allocate projects, products, and resources with the assistance of architects and team leads.

Responsibilities:

  • Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT (Information Technology) risk management program
  • Work directly with the business units to facilitate risk assessment and risk management processes
  • Develop and enhance an information security management framework
  • Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems, and services
  • Manage the Information Security team, responsible for direction and oversight of the team's assignments, and providing coaching and development of team members
  • Coordinate recruitment or selection of personnel
  • Partner with business stakeholders across the company to raise awareness of risk management concerns
  • Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
  • Respond to regulatory inquiries; meet with regulators as necessary; write inquiry responses
  • Assess the Member Firm Information Security Policy; examine landscape, prioritize efforts; bring experience and authority to the efforts; develop methodology and audit program; recommend enforcement activities
  • Coordinate and develop appropriate third-party risk management goals in coordination with Internal Audit
  • Respond to partner risk assessments and consult on mitigation activities
  • Select an information security framework to frame the overall information security program
  • Set a strategy for the information security program that establishes maturity targets for each key part of the information security program, based on the NIST framework
  • Establish any necessary third-party monitoring
  • Conduct vulnerability assessments and define remediation plans
  • Ensure agreements are in place with information security forensics vendors
  • Ensure communication plans with M Financial partner carriers are in place
  • Assess and test disaster recovery capabilities
  • Develop and lead Member Firm Information Security Policy efforts for Member Firms
  • Advise MFH and Member Firms on aligning their security stack with regulatory compliance
  • Complete vendor assessments for MFH and MBEN pertaining to Information Security
  • Provide on-call after-hours support as assigned, including evenings, weekends, and holidays
  • Perform other duties as assigned


Qualifications:

  • Degree in Computer Science, Information Technology, or relevant field or equivalent knowledge and skills obtained through a combination of education, training, and experience required
  • Minimum of 8 years of experience in a combination of risk management, information security and IT jobs
  • Two or more relevant security-related certifications preferred (e.g. CISSP, CISM, GSEC, Security+, CEH, GPEN, GSEC, or equivalent)
  • Securities Licenses: SIE and Series 99 or ability to obtain within 6 months of hire
  • Insurance, Finance and/or Broker Dealer Industry Experience a Plus
  • Familiarity, and preferred background, with the Investment Advisers Act of 1940; Securities Act of 1933 and Investment Company Act of 1940; FINRA and SEC rules; and state regulations
  • Investment services experience with an understanding of key business functions and regulatory requirements
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST
  • Excellent written and verbal communication skills and high level of personal integrity
  • Experience with contract and vendor negotiations and management including managed services
  • Detail-oriented, proactive, self-motivated, and responsible
  • Ability to develop and maintain effective working relationships with M Financial Group staff, Member Firms, external partners, and vendors
  • Excellent oral and written communication skills, ability to deliver presentations to various audiences
  • Ability to effectively lead direct and indirect reports, and work both independently and with colleagues
  • Not required, but valued qualifications:
    • Life insurance industry experience with an understanding of sales, new business, servicing, and claims processes
    • Experience with Rapid7, Microsoft Security Suite, Proofpoint, Varonis, SecureWorks


Job Conditions and Environment:

  • Hybrid work environment offering a blend of virtual/work from home and onsite days designed to support flexibility
  • Normal office environment/desk assignment
  • Extensive use of PCs, computer terminal, display, keyboard, and mouse
  • Potential for moderate travel (up to 30%)
  • M Financial is following federal, state and local COVID-19 guidelines and has adopted a policy requiring all employees to be fully vaccinated against COVID-19 or to have a COVID-19 test performed weekly when coming into the office


This position description is not intended to be and should not be construed as an all-inclusive list of responsibilities, skills or working conditions associated with this position. While this description is intended to accurately reflect the position's activities and requirements, management reserves the right to modify, add or remove duties, as necessary.

Date Posted

08/05/2022
