Director of Security and Compliance (CISO)
We are Earnix
We enable insurers and banks to provide faster, smarter, and safer prices and personalized products. With our products, insurers and banks can offer personalized value to every customer, every time, and in full alignment with their corporate business strategy, goals, and objectives.
With over 80 customers across the five continents, Earnix has been consistently innovating for Banks and Insurers around the globe. We have offices in the Americas, Europe, Asia Pacific, and Israel.
We are looking for a Director of Security and Compliance to join our Operations group.
In this position, you will be responsible for establishing and maintaining the Earnix security roadmap, programs, and policies to ensure information assets are protected, establishing compliance and security standards, and ensuring ongoing adoption of best practices and relevant regulations.
You will use your abilities to solve complex technology problems in development processes and in Operations. You will also create security training and educate Earnix employees on compliance and security best practices, aimed at increasing knowledge and creating a security-conscious mindset.
As Director of Security and Compliance, you will also be responsible for overseeing the implementation of these policies, ensuring that technology platforms and applications are secure, and participating in customer discussions, always balancing security and business continuity in risk/reward decisions.
You will establish, maintain, and oversee the company-wide vision, strategy, architecture, policies, and programs to ensure Earnix is protected and can recover from technical, environmental, and other types of business disruptions. You will contribute to DR/BCP initiatives, conduct tests, and ensure the organization is resilient.
- Set priorities and drive implementation for our vulnerability management, information security monitoring/security operations, offensive security, and threat intelligence programs.
- Define security requirements to allow for corporate and product compliance with industry standards, including PCI, SOC 2, SOX, GDPR, and other regulatory data-handling requirements.
- Provide management oversight for security tools deployment and implementation.
- Propose security policies, initiatives, and standards supporting regulatory compliance, loss and fraud prevention, and the prevention of information security breaches.
- Build and nurture external networks consisting of industry peers, partners, vendors, and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.
- Architect and build a software security organization that focuses on automation and self-service.
- Investigate potential incidents and communicate with appropriate executive management as well as local, state, and federal officials in support of appropriate legal protocol.
- Serve as the key advisor to executive leadership in the development, implementation, and maintenance of a strong information security program.
- Collaborate with Software Engineering leaders to ensure developed software meets industry best practices and standards.
- Partner with the architecture team to develop security architecture standards and to ensure alignment between security and the engineering framework as a whole.
- Collaborate with Platform Engineering, ITOps Engineering, Data Engineering, Product Engineering, and other technical and business functional leaders to implement changes and best practices that continuously improve the security posture of the organization.
- Manage third-party audits with external partners and vendors (including PCI/NIST, SOC, ISO, etc.).
- Collaborate with the legal, compliance, and privacy functions to conduct reviews/audits, recommend policies and procedures, monitor status, and report violations to appropriate management.
- Seasoned information security expert who has built/led a broad security organization, set strategic direction at the executive level, engaged with senior leaders, influenced/gained consensus on key initiatives, and has a record of measurable results.
- Experience with building and running a compliance program.
- Proven track record and experience in successfully executing programs that meet objectives of excellence in a dynamic business environment.
- Professional certification, such as CISSP, CISM, CISA, or other information security credentials, is preferred.
- Minimum five years' demonstrated successful experience in compliance, quality assurance, administrative, and/or operational duties in a management role.
- Ability to communicate effectively in English, both verbally and in writing.
- Excellent computer skills, including MS Word, Excel, and PowerPoint proficiency.