Dallas TX
Permanent Posted: Sunday, 6 October 2013
 
 
Applicants must be eligible to work in the specified location
Job Title: VP, Risk & Security Management
Job ID: 17578
Location: Dallas, TX, US
Full/Part Time:
Regular/Temporary: Regular
Line of Business: Epsilon

About the Opportunity
The VP Security Risk Management is responsible for establishing and maintaining Epsilon's overall IT security risk management program, which is designed to ensure that the company's IT systems and information assets are adequately protected. The individual in this position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets Epsilon's regulatory and other compliance requirements. The VP works proactively with the various clients, business units and other internal departments and organizations to implement practices that meet Epsilon's defined policies and standards for information risk management.

The VP Security Risk Management is the "process owner" for all of Epsilon's IT-related security risk assessment and identification activities, for the company's IT systems and information assets and for its IT-dependent strategic business objectives. A crucial element of the risk VP's role is working with senior executives, line-of-business leadership and other key decision makers to determine acceptable levels of residual risk for the company as a whole and for various internal departments and organizations.

The ideal candidate for this position is a proven thought leader, problem solver and integrator of people and processes, as well as an effective internal consultant. The person must also possess solid domain competencies in a number of IT-risk-related disciplines, including security, business continuity management, privacy and compliance.

While some companies' IT risk management activities focus largely on technical solutions, effective risk management requires a more comprehensive and performance-based approach that aligns levels of protection with business needs. For this reason, the VP, IT Risk Management must be much more than simply a technology and controls expert and must also possess significant management and communications skills and extensive business knowledge.

Candidates must have previously implemented a security risk management program that clearly demonstrates the organization's ability to track, prioritize, remediate, and report on risks (whether generated from internal/external audits, technical issues, etc.) to the organization.

Responsibilities
Primary Responsibilities and Activities

* Manage all the security risk-related activities of Epsilon's IT organization, including budgeting, planning, testing, reporting and recommending appropriate remediation measures.
* Manage oversight and monitoring of risk mitigation and coordination of internal and external audits, customer-related audits, third-party audits, and Compliance/Infosec controls, to ensure that other departments are taking effective remediation steps.
* Benchmark the risk management practices of other companies - particularly those in related industries or with similar business models - maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to Epsilon's established IT policies and practices.
* Create, disseminate and (as required) update documentation of Epsilon's Matrix of identified IT risks and controls.
* Work directly with the business units and other internal departments and organizations to facilitate IT risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection.
* Coordinate information security and risk management projects with personnel from the IT organization, lines of business, and other internal departments and organizations.
* Review risk assessments, analyze the effectiveness of Epsilon's IT control activities and report on them - with actionable recommendations - to the CISO, the CIO, and applicable Lines of Business executive leadership.
* Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
* Provide monthly/quarterly/annual risk management metrics for individual Lines of Business, IT, and the overall company.

Qualifications
* Reports directly to Epsilon's Chief Information Security Officer (CISO) and on IT-related risk management activities.
* Tracks and reports risk management trends, opportunities and remediation quarterly.
* Works closely with the CIO and the security, compliance, business continuity management and privacy organizations to develop and implement effective IT risk management practices.
* Makes recommendations for the CISO, appropriate risk governance committees, line-of-business leadership and the board of directors concerning IT-risk-related controls.
* Acts as risk management liaison with all levels of the IT organization and with the lines of business and other internal departments and organizations.
* Supervises direct reports, as well as the IT-risk-management-related activities of indirect reports and others.

Education and Training

* Education: Minimum Bachelor's degree required, with a focus on IT- or IT-risk-related disciplines (for example, security, privacy, business continuity management and compliance). A business degree is beneficial.
* Professional certifications: Certified Information Security Auditor, Certified Information Security Manager, Certified Information Systems Security Professional, or equivalent is beneficial.

Experience

* Seven to ten years of experience in a large complex IT risk management or a related discipline (for example, audit, security, privacy, business continuity management or compliance).
* Proven track record of documenting, tracking, reporting, and closing identified risks within the environment.

Required Knowledge and Skill

* In-depth knowledge of a broad range of standards and frameworks - for example, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Model Integration and Six Sigma
* Knowledge of common risk management methodologies - for example, Control Objectives for Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management

Key Behaviors and Competencies

* In-depth understanding of strategic business risks
* Ability to develop a comprehensive understanding of Epsilon's business, market and industry and relate that knowledge to identified operations- and IT-related risks
* Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes
* Proven ability to communicate with people at all levels - from developers to the board of directors
* Excellent written and verbal communication skills - including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences - and strong interpersonal and collaborative skills
* Strong skills as a negotiator, to facilitate commitment to, and sign-off on, appropriate levels of residual risk from line-of-business leadership
* High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
* High degree of initiative, dependability and ability to work with little supervision

Compensation and Benefits
Alliance Data offers a competitive salary and a comprehensive selection of benefit options, including 401(k).

Conditions of Employment
All job offers are contingent upon successful completion of drug screen and background checks.

About Us
Epsilon is the industry's leading marketing services firm, with a broad array of data-driven, multichannel marketing solutions that leverage consumer insight to help brands deepen their relationships with customers. Services include strategic consulting, acquisition and customer database technologies, loyalty management, proprietary data, predictive modelling and a full range of direct and digital agency services, including creative, interactive web design, email deployment, search engine optimization and direct mail production. In addition, Epsilon is the world's largest permission-based email marketer. Epsilon is an Alliance Data company.

Dallas TX, United States of America
Alliance Data Systems
JS17578
10/6/2013 1:03:42 AM
