Job Summary:
EdgeCo Holdings Corporation is seeking a dynamic Information Security Director to join our corporate Information Security team. EdgeCo is a rapidly growing financial services firm. For over four decades, EdgeCo® Holdings’ companies (American TCS & New Edge Capital Group) have provided best-in-class technology-enabled solutions and support services to financial intermediaries and their clients, including Full-Service Retirement Plan Administration, Brokerage, Advisory, and Trust and Custody solutions.
Reporting directly to the EdgeCo Chief Information Security Officer (CISO), the Director of Information Security will play a pivotal role in integrating unique divisional business knowledge for our New Edge Capital Group into a cohesive, well-governed corporate information security program. This role offers an exciting opportunity to help shape a unified security program that supports the unique operations of New Edge Capital Group with SEC and FINRA regulatory requirements. The role will enable our organizational goals for optimizing synergies, collaboration, and growth in a shared services delivery model through our corporate Information Security Program.
Key Responsibilities:
- Security assessments: Performs security assessments for divisional information security needs and requirements, identifying unique challenges and opportunities according to divisional regulatory and contractual compliance.
- Serves as NECG subject matter expert for security needs ensuring they are addressed within the greater corporate framework to ensure synergies are recognized.
- Tailored Security Solutions: Liaise with divisional stakeholders to integrate security solutions into corporate shared services security tools and solutions, while identifying and harmonizing unique security solutions in cost optimized fashion and integrating with corporate standards, processes, procedures and governance.
- Ensure divisional security measures are effective and integrate seamlessly with the corporate information security program.
- Develop customized security solutions that align with the specific needs of NECG, such as aligning policies and controls across both employee and independent contractor models, while adhering to the overarching corporate security policies and implementation through collaborative divisional and corporate shared services delivery model.
- Divisional Liaison
- Act as the primary liaison between the corporate information security team and NECG stakeholders serving on key NECG committees, facilitating communication and collaboration between all companies both at the NECG divisional company level and under the direction of the CISO across ATCS divisional companies.
- Advocate for divisional security needs within the corporate structure, ensuring they are appropriately tailored to each business segment, prioritized, and addressed.
- Compliance and Regulatory Alignment
- Ensure divisional compliance with relevant laws, regulations, and standards, such as SEC and FINRA.
- Collaborate, design and integrate NECG Infosec requirements into existing and new Information Security controls as best practices to avoid control duplication, ensuring adherence and synergy realization to a unified corporate information security program.
- Participate in, collaborate on, and lead key compliance processes (audits, due diligence, third-party risk management, etc.), ensuring unique NECG requirements are integrated into the global framework of governance risk programs, tools, processes, procedures and standards.
- Respond to regulatory examinations and inquiries from agencies such as the SEC and FINRA by coordinating documentation and interviews related to information security practices.
- Support the business development and client due diligence process by completing security-related portions of Requests for Proposals (RFPs) and questionnaires.
- Incident Response Coordination
- Coordinate incident response efforts within NECG through the global Incident Response program, tools, service providers, customers and vendors, ensuring timely and effective resolution of security incidents.
- Collaborate with corporate teams to manage and mitigate the impact of security incidents arising from NECG issues and ensure best practices, reporting requirements and tracking are managed through global IR to ensure disposition to divisional and organization-wide risks.
- Work through corporate IR processes and procedures to ensure incidents are coordinated across shared services stakeholders (HR, Privacy, I&O) to IR Program standards.
- Divisional Training and Awareness
- Develop and define unique training requirements for NECG information security needs, ensuring integration into organization-wide Security Awareness Training tools, events, compliance and metrics.
- Promote a culture of security awareness and best practices tailored to the unique needs of NECG as part of the organizational security training and awareness program.
- Through the corporate Security & Awareness program (SAP), collaborate with other shared services stakeholders such as HR and Privacy to meet unique needs of NECG through SAP events and activities.
- Performance Monitoring and Reporting
- Monitor and report on the effectiveness of divisional security measures, including key performance indicators (KPIs) and metrics.
- Provide regular updates to divisional and corporate leadership on the status of security initiatives and risk management efforts.
- External Relationships
- Build and maintain relationships with external partners, such as auditors, industry peers, and regulatory bodies, to stay informed about emerging threats, best practices, and regulatory changes relevant to divisional needs.
Qualifications:
- 8-12 years’ experience in a mature Information Security program with demonstrated success in job requirements.
- Bachelor’s degree in Information Security, Computer Science, or relevant technical field.
- Deep understanding of security principles, practices, and technologies.
- Relevant certifications preferred, such as CISSP, CISM or CISA.
- Experience with one or more Information Security frameworks NIST 800-53, CSF, ISO, PCI DSS, as well as third party attestations (SOC 1&2 type 1&2, Cloud Security Alliance,
- Excellent project management skills.
- Strong consensus building, communication, and collaboration skills.
- Commensurate analytical and problem-solving skills with the ability to assess and mitigate security risks.
- Strategic thinker with the ability to define key requirements and develop strategic security plans to address risk that align with corporate and divisional objectives with an innovative mindset.
- Financial services experience such as banking, RIA, Broker Dealer, financial services with federal, state and governing body experience (SEC, FINRA, CCPA, NYDFS, etc.)
- Strong interpersonal skills with the ability to build and maintain relationships with internal and external stakeholders.
- Collaborative approach to working with diverse teams and departments.