VP, Information Technology & Security

What You’ll Do 

The VP, Information Technology & Security is a senior IT leadership role driving the technology vision, roadmap, and solution delivery at Authentic. This role will help manage the overall IT Planning & Information Security. You will build partnerships across the company, will build & lead a team will prioritize and organize resources to drive agility, and efficient IT operations. You will manage any vendor relationships and optimize our technology investments.

In addition, you will also be responsible for managing all aspects of risks associated with information and technology including identifying threats to firm and client data, developing an IT Risk and Security Framework with administrative, technical and physical safeguards to address those threats and comply with data security and privacy regulations, responding to security incidents, supporting Client-service and Legal/Risk in responding to client/vendor assessments, developing a privacy strategy (data inventory, consent process, ensuring adequate measures are in place to safeguard Firm and client data including PII and HIPPA in motion and at rest, etc.), assisting with litigation responses (holds, preservations, document gathering and production), ensuring compliance  with document retention policies, and establishing and monitoring IT policies and procedures to ensure our risk exposure is minimized. 
You will have strong experience in business & technology architecture and modern application delivery. You are willing to roll up your sleeves and dive in to help make a long-term impact. You’ll make effective decisions, work collaboratively, and take accountability for our internal stakeholders. You’ll build and lead a world-class technical team. You are excited about the potential of leading into an agile, nimble environment.

What you’ll be working on

IT Strategy, Digital Transformation, Systems Maintenance

• Responsible for overseeing all IT operations, projects, network infrastructure and ongoing operations.
• IT strategy, digital transformation, systems maintenance.
• Organization management, budget management, people management.
• Deep understanding of the fashion apparel industry and operation
• Company-wide program, project management.
• Global organization alignment.
• Systems maintenance
• Day to day systems support
• System fundamentals (system structure, programming, database fundamentals)
• Fundamental ability and methodology for programming and requirement discovery

• Analyzes complex business needs presented by the user community and/or clients and recommends technical solutions.
• Ensures the consistency and maintainability of existing applications by creating, maintaining, and enforcing standards/procedures for implementing technical solutions.
• Keeps abreast of new technology relevant to the company's security and infrastructure.
• Responds to the needs of a 24/7 operation, as needed.
• Produces a detailed timeline for each application release and implements effective project control by monitoring the progress of the software release and reporting the status.
• Directs and prioritizes the workload of IT team
• Reviews all designs, code, and unit test plans where applicable.
• Approves all business requirements prior to the technical solution.
• Participates in all hardware and software evaluations and maintains vendor contracts.
• Perform liaison duties between users, operations, and programming personnel in the areas of systems design, modifications or troubleshooting.

Risk Identification, Assessment and Evaluation 

• Identify, assess, and evaluate risk to enable the execution of the enterprise risk management strategy.
• Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
• Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
• Identify potential threats and vulnerabilities for business processes, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
• Create and maintain a risk register to ensure that all identified risk factors are accounted for.
• Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
• Analyze risk scenarios to determine their impact on business objectives.
• Develop a risk awareness program and conduct training to ensure that stakeholders understand risk and contribute to the risk management process and to promote a risk-aware culture.
• Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
• Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment

Risk Response

• Develop and implement risk responses to ensure that risk factors and events are addressed in a timely manner and in line with business objectives.
• Identify and evaluate risk response options and provide management with information to enable risk response decisions.
• Review risk responses with the relevant stakeholders for validation of efficiency, effectiveness and economy.
• Apply risk criteria to assist in the development of the risk profile for management approval.
• Assist in the development of risk response action plans to address risk factors identified in the organizational risk profile.

Risk Monitoring

• Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the enterprise’s risk management strategy.
• Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.
• Monitor and communicate key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
• Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
• Identify and report on risk, including compliance, to initiate corrective action and meet business and regulatory requirements.

Information Systems Control Design and Implementation

• Design and implement information systems controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
• Interview process owners and review process design documentation to gain an understanding of the business process objectives.
• Analyze and document business process objectives and design to identify required information systems controls.
• Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
• Facilitate the identification of resources (e.g. people, infrastructure, information, architecture) required to implement and operate information systems controls at an optimal level.
• Monitor the information systems control design and implementation process to ensure that it is implemented effectively and within time, budget and scope.
• Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that any deviations are promptly addressed.
• Test information systems controls to verify effectiveness and efficiency prior to implementation.
• Implement information systems controls to mitigate risk.
• Facilitate the identification of metrics and key performance indicators (KPIs) to enable the measurement of information systems control performance in meeting business objectives.
• Assess and recommend tools to automate information systems control processes.
• Provide documentation and training to ensure information systems controls are effectively performed.
• Ensure all controls are assigned control owners to establish accountability.
• Establish control criteria to enable control life cycle management.

Information Systems Control Monitoring and Maintenance

• Monitor and maintain information systems controls to ensure they function effectively and efficiently.
• Plan, supervise, and conduct testing to confirm continuous efficiency and effectiveness of information systems controls.
• Collect information and review documentation to identify information systems control deficiencies.
• Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements.
• Assess and recommend tools and techniques to automate information systems control verification processes.
• Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.
• Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.
• Maintain sufficient, adequate evidence to support conclusions on the existence and operating effectiveness of information systems controls.
• Provide information systems control status reporting to relevant stakeholders to enable informed decision making.

IT Policies/Governance and Compliance

• Coordinate the development and ongoing maintenance of IT policies and procedures.
• Ensure that all IT policies and procedures are compliant with regulatory requirements.
• Maintain a schedule of policy review and submission to the board for approval

Disaster Recovery Coordination

• Maintain the IT Disaster Recovery Plan including annual reviews.
• Oversee the regular testing of the plan and update for major changes in hardware, applications, business and regulatory requirements accordingly.
• Coordinate testing and reporting of data backup restorations in accordance with Key Performance Indicators (KPIs).

Audits and Reviews Preparation and Facilitation

• Serve as liaison to auditors, consultants, and the Chief Risk Officer regarding documentation and review of information compliance.
• Assist in responding to client inquiries, providing sufficient documentation and collaboration with client vendor compliance personnel.
• Communicate audit and review results to appropriate parties; ensure that issues are addressed, and corrective actions are implemented.
• Keep a tracking action list of all audit issues.

Projects and Initiatives related to IT

• Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.

Must Haves:

• Engineering / CS / MIS Degree (Bachelor’s; graduate degree a plus) and 10+ years of relevant industry experience.
• A passion for developing, coaching and mentoring a team
• Develop and maintain relationships with leaders across multiple divisions
• Experience in leading inter-organization change to increase efficiency through the implementation of technology
• Strong ability to manage and prioritize multiple projects in a fast-paced environment,
• Flexible and adaptable
• Entrepreneurial mindset and results-driven. Thrives in a fast-paced start-up environment.