VP Cyber Security
Location: Alpharetta, Georgia US
Job Number: 7194
The VP, Cyber Security reports to the Global Chief Security Officer (CSO). The CSO role includes responsibility for physical security as well as logical security and thus uses the title Chief Information Security Officer (CISO) interchangeably. The VP, CYBER SECURITY will manage the Cyber Threat Center, Security Operations, Security Architectures and Strategies, and Security Planning and Advisement functions.
The role is responsible for maintaining the confidentiality, availability, and integrity of our customers' data and the security of the assets of the company. The VP, CYBER SECURITY will continuously improve the global information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The VP, CYBER SECURITY position requires an accomplished security professional who is an experienced leader with sound knowledge of business management and a solid knowledge of information security technologies and cyber threat identification and containment. The VP, CYBER SECURITY will proactively work with departments across the company to implement practices that meet defined policies and standards for information security. S/he will also help to define and then oversee a variety of IT-related risk management activities.
The ideal candidate is an experienced leader, a consensus builder, and an integrator of people and processes. The VP, CYBER SECURITY functions as a business leader, and must have a track record of competency in the field of information security, with 5 to 7 years of relevant global experience.
- Responsible for security operations; cyber threat defense; incorporation of intelligence feeds; selection, installation, care and feeding of information security technologies; participation in security audits and assessments, planning and PMO management
- Assist the Global CSO in the education of company staff on security risks, cyber threats, vulnerabilities, mitigation methodologies and strategies, and status of major initiatives
- May be called upon to stand in for the Global CSO or other Security VP peers as required in executive meetings, customer interactions, government briefings, and other meetings as assigned
- Heavily influence the security technical program capability and roadmap
- Work closely with other VP members of the Global Security team to accomplish team goals and objectives, and liaise among corporate compliance, audit, legal and HR management teams as required
- Lead, recruit, manage, mentor a team of 40+ over multiple geographic locations
- Maintain pipeline of talent and establish pre-attrition hiring strategies that build the bench
- Security Program Management:
  - Assist the Global CSO in the planning and execution of a successful cyber security program
  - Develop and manage departmental budgets and monitor them for variances
  - Manage a Security PMO that assists the entire Security team in managing programs; provide regular reporting on the current status of programs to enterprise risk teams, senior business leaders and others as requested by the Global CSO
  - Provide Security project management, coordination and programming for projects having significant impact and extensive interface with IT
  - Develop and oversee effective business continuity and disaster recovery plans for areas of responsibility
  - Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of areas of responsibility
- Security Architecture and Technology:
  - Conceive, design, develop, optimize, integrate, and maintain security technologies at a complex hands-on level
  - Plan for the future by evaluating multiple technologies, optimizing current technologies, assessing proof-of-concept solutions, and producing 3-year technology optimization roadmaps
  - Plan and coordinate IT security efforts and tasks required to support a healthy and fully functioning security infrastructure
  - Troubleshoot highly complex security problems with IT for which the analysis and resolution require extensive knowledge of many diverse IT security system components
  - Liaise with Security Architect(s) to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning across Security and IT
  - Coordinate the use of vendors involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing the performance and engagement of external technical resources.
  - Work closely with the Lead for Security Innovation and with IT to identify applicable new security technologies through research, collaboration with peers, and participation in security standards organizations, industry groups, panels, etc.
- Security Incident Response:
  - Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
  - Provide leadership and Security solutions for complex problems; must at times be hands-on during major incident response
  - Work directly with third party forensics and investigative firms during incidents or assigned scope of work activities
- Cyber Security:
  - Constant and consistent security incident and cyber threat monitoring, including Level 1, 2, 3 Security Operations Center
  - Daily and Weekly briefings of events and incidents
  - Intelligence assimilation, including developing sources of intel with direct or tangential relevance to threats
  - Deep analysis of global cyber events and their relationship to Equifax.
  - Threat modeling activities that specify and carry out threat deterrent and containment actions.
  - Reporting of intelligence, analysis, cyber risks, and recommendations for mitigation.
  - Monitoring of external threat environment for emerging threats, and advising relevant stakeholders on the appropriate courses of action.
  - Liaising with external agencies, such as law enforcement and other advisory bodies as necessary
- Bachelor's Degree in Computer Science or related field, or equivalent experience
- 15+ years combined experience in information security, IT, risk management
- 7+ years experience working with IT security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
- 5+ years experience in a senior leadership role with global accountability.
- 5+ years experience in roles that include financial/budget management and resource management.
- 5+ years experience leading cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- 5+ years experience working with global security issues, such as privacy and country-specific risks on intellectual privacy.
- 3+ years experience working with information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT or NIST.
- Track record of success with contract and vendor negotiations.
- Track record of success developing and implementing global information security policies and procedures, in addition to successfully executing programs that meet the objectives of excellence in a dynamic IT environment.
- Professional security management certification required or in progress, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
- Active Security Clearance
- US Government or US Military experience
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Executive presence and ability to interface with senior company leaders as well as senior management of Customers; ability to explain and defend the security posture, actions and strategies
- Must be a critical thinker, with strong problem-solving skills.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision.
USA-Atlanta JV White
Function - Security Governance and Compliance
Requisition Number: J00038740
Equifax is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.