Information Security Officer

Essential Functions:

• Responsible for further development and execution of Xpansiv’s information security strategic plan in partnership with the Chief Risk Office, Chief Technology Officer and other security, business and technology team members. 
• Continue to develop a comprehensive information security program to safeguard Xpansiv. 
• Propose enhancements to the Information Security policies, standards and procedures. 
• Update the Information Security Program based on regulatory changes, threats, best practices, business needs and feedback from management. 

Job Requirements:

• Conduct risk assessments to identify potential changes to the security posture and recommend appropriate ways to address and gaps. 
• Determine acceptable risk levels for the Information Security and ensure threats to the company are mitigated in alignment with the company’s risk appetite. 
• Support audits and regulatory exams. Coordinate management's responses to information security-related findings. 
• Lead responses to customers’ information security inquiries into Xpansiv’s security posture. 
• Deep knowledge across the security tools and frameworks with an understanding which works best in different industries and environments. 
• Drive and deliver the development and implementation of the appropriate and effective controls to protect the organization’s assets.  
• Participate in the preparation of risk assessments to evaluate new technologies, applications, and devices. 
• Build out the information security awareness training for employees and Board of Directors with a detailed deep dive for Cyber Security Awareness month. 
• Support or execute security related testing as needed for material technology driven changes.  Ensure the remediation teams have sound plans and execute those in a timely manner.  
• Collaborate with the business and/or Information Technology to select appropriate technology vendors that support regulatory requirements and best practices. 
• Familiarity with key security solutions.  
• Understanding of international security obligations.  
• Refine a company-wide data loss prevention program to protect customer and company confidential information. 
• Provide guidance on projects, new implementations, or upgrades in adherence with the Information Security Program. 
• Run the Business Continuity Program, which includes working closely with business lines to ensure business impact analyses are comprehensive. This includes running incident response actions and driving follow up activity to closure.  

Other Knowledge, Skills and Abilities:

• Bachelor's degree in computer science, information systems or equivalent work experience is required. 
• Industry standard certification in information security, such as CISSP, CISM, CRISC, or acquisition within one year of hire. 
• Five years of experience supporting security architectures and applying security best practices across enterprise environments. 
• Highly familiar with cloud-based solutions 
• Possess excellent analytical, organizational and documentation skills. 
• Strong knowledge of both cybersecurity and IT risk management programs based on industry recognizable frameworks. 
• Strong collaboration and communication skills with the ability to tailor messages to the audience.   
• Equally comfortable working independently as with a team while building and maintaining collegial relationships across the company including with the commercial and technical teams.  
• Persuasive leader who can serve as an effective member of the management team and is able to communicate security-related concepts to a broad range of technical and non-technical staff. 
• Practical experience with vulnerability scanning and auditing tools. 
• Knowledge of DevOps application security. 
• Experience with cloud security best practices. 
• Ready to work in a highly dynamic and exciting environment.