Ellie Mae Specific Requirements
Reporting to the Chief Information Officer (CIO), the Chief Information Security Officer (CISO) plays an integral part in development of strategic policy, technology plans and investments. The CISO guides the executive leadership team by recommending and prioritizing investments and projects that mitigate overall risks, strengthen defenses and reduce vulnerabilities for development, internal and client facing systems. This role serves as an expert advisor to senior management in the development, implementation and maintenance of a Company-wide information security infrastructure to ensure best practice control objectives are achieved for system integrity, availability, confidentiality, accountability and assurance.
The Chief Information Security Officer (CISO) plays an integral part in the development, implementation, and compliance of technical security across the enterprise. The CISO is responsible for managing risks related to information security, physical security, business continuity planning, crisis management, privacy, and compliance. In addition, the CISO ensures all staff members are trained on enterprise and governmental security requirements through awareness programs.
- Chairs an Executive steering committee that brings together key Business stakeholders to develop and review enterprise security and risk strategies
- Collaborates with cross-functional Business, Product and Technology Delivery teams to identify, deploy, support and monitor adopted standards, policies and guidelines
- Collaborates with Business and Technology teams to ensure business continuity planning meets Service Level and compliance requirements
- Participates in and guides Business Continuity testing and continuous improvement
- Provides guidance (e.g., information security risk severity assessments / relative cost benefit analysis etc.) and recommendations regarding prioritization of investments and projects that mitigate risks, strengthen defenses and reduce vulnerabilities.
- Acts as the primary Company control point during follow-up on significant information security incidents, oversees development of response plans, forensics, and custody of data, and provides timely update reporting.
- Provides guidance to business units as necessary to investigate security breaches and to pursue associated potential disciplinary and legal actions in collaboration with Human Resources and Legal counsel as appropriate.
- Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
- Understands “voice of the customer” and develops mechanisms to proactively sense adoption and usage patterns of consumer technologies by end users so that policy can align with need
- Monitors industry trends and regulatory compliance with enterprise security policies and educates business unit leaders and service managers on compliance efforts
- Maintains relationships with local, state, and federal law enforcement and related government agencies as needed
- Maintains current certification in relevant practices
- Creates an information security awareness program to customize communication tools and campaigns for each business unit and integrated services group
- Proposes usage and security policies for information sharing on internal and external platforms
- Ensures security compliance with industry and government rules and regulations
- Establishes security metrics and reports performance
- Monitors and reports security/policy compliance
- Oversees execution of approved information security projects and internal/external security audits, and provides regular status reporting on progress of such projects.
- Leads a dedicated Information Security team.
Bachelor's degree in Information Security, Computer Science, Information Management Systems, or related field
- Competent in IT risk assessment and management, IT continuity management, IT governance formulation, and organizational change management
- Working knowledge of IT financial management and IT audit
- Soft Skills
- Excellent verbal and written communication skills
- Ability to react to high-pressure, dynamically changing environments
- Ability to teach security concepts to all areas of the business
- Fosters and builds a collaborative working relationship with various stakeholders
- Ability to develop a Security Vision in support of overall Business and Organizational goals
- Motivate and lead both direct reports and cross-functional teams
- Strong problem solving and analytical skills
- Technical Skills
- Expert in information policy formulation, information security management, and business risk management
- Professional experience in running the information security office analyzing and applying information security, risk management, and privacy practices
- Extensive experience in strategic planning, budgeting, and allocation
- Consulting and general industry experience
- Experience in law enforcement and/or national security is highly relevant
- Knowledge of national and international regulatory compliance requirements and frameworks such as GLBA, ISO, SOX, BASEL II, EU DPD, HIPAA, NIST, FISMA, CobiT, ISF and PCI DSS
- Experience with secure coding standards, ethical hacking techniques, IDS/IPS, SIEM
CISSP, CSSLP, CCFP, SSCP, GSSP-JAVA, GSSP-NET or related Cyber Security Credentials
Number of Years Experience
Minimum 10+ years of experience in IT Security, Cyber Security, IT Audit or related area
Senior Leadership - Vice President
Ellie Mae® is a leading provider of enterprise level, on-demand automated solutions for the residential mortgage industry. We offer...