Director security management job description

Employees

The majority of our employees will have flexibility that allows them to choose a predominantly remote, predominantly in-office, or hybrid setup. Our official in-office locations in the United States includes LA, NYC, Stamford, and Chicago, and we have several other states in which employees may work remotely if their role isn't one that requires them to be in or near the office. We value the health and safety of our people above all else, and our onsite attendance policies reflect that. If there is an on-site requirement for a role, it will be listed in the job description.

For those employees who would like to utilize our offices, full vaccination for COVID-19 is required for physical presence in A+E Networks workplaces. While A+E Networks will consider reasonable

accommodation requests regarding this policy in accordance with applicable law, such requests will not be considered until a conditional offer of employment is extended to a candidate. Applicants should not submit any medical or health information in connection with their application for employment.

A+E's Technology team is deep-rooted in the heart of our business. We have great people and great technologies, and together we take on the toughest challenges. As innovators, we choose to iterate, pivot, and adapt quickly. We've reinvented the way A+E leverages technology to produce and sell world-class content. We've modernized our core solutions and embraced a cloud first approach. Perched on the virtues of our "Technology Code", we make technology better, create solutions together, and most of all, we have fun with it. Our team members are motivated individuals who help each other do remarkable things every day. Together we deliver best-in-class solutions that transform the way A+E works. If this sounds like something you want to be a part of, we want to hear from you!

THE ROLE: Director, Security Incident Management

Reporting to the Vice President of Cyber Security, the Director of Security Incident Management will be responsible for constructing and leading the vision of the Security Incident Management functions across all A+E technology groups (Enterprise, Consumer, and Broadcast) and liaising with legal groups and trusted external partners in the event of a system or data breach. The position oversees the development and implementation of security operations center processes and procedures and owns the maintenance and improvements of security technologies related to breach preparedness, incident response, and systems recovery. The position is also the designated incident commander when the security incident response plan is activated. This is a leadership role that requires a strong technical background in security incident management, log analysis, tool implementations, and systems hardening, to lead and guide a team of security analysts. The position will also coordinate with key members of the Engineering, TechOps, DevOps, and Service Management organizations to ensure processes are complimentary, systems meet our security standards, and incident response planning and readiness is done in unison.

MORE ABOUT WHAT YOU'LL DO: Director of Security Incident Management

* Create and lead the security incident response processes and procedures across the three technology pillars: enterprise systems, digital product, and broadcast operations.
* Manage a technical team of security analysts and engineers dedicated to security operations and incident response.
* Manage our Security Services Provider (MSSP) and improve the level one and two monitoring, alerting, and triage capabilities, including playbook development and handoffs to A+E personnel.
* Lead SecOps enhancement initiatives to improve the use of tools like our SIEM, endpoint, web, and email security technologies.
* Coordinate with external parties for breach-preparedness exercises and threat intelligence gathering.
* Creating metrics and maturity measurements for the Security Operations Center and internal incident management functions and reporting them to Security Governance and Technology leadership on a regular basis.
* Assist and coordinate with other security functions like vulnerability management, security engineering, and identity management to enhance our incident detection and response capabilities.
* Liaising with the Project Management, Architecture, and Engineering teams to ensure that security operations and incident management needs are incorporated into all new system builds and deployments.

YOUR STORY: [+BEHAVIORS] (what you need to have) Director of Security Incident Management

* 10 or more years of technology experience with 2 years spent performing hands on incident response or other security operations functions.
* 2 or more years managing technical staff.
* BS degree in a technical field such as CS or IT, or equivalent combination of education and work experience.
* Experience creating policies and procedures for security operations, incident management, and breach preparedness.
* Strong technical understanding of threat hunting and incident response, with time spent performing log analysis and coordinating remediation activities.
* Understanding of traditional SecOps tools like SIEM, EPP/EDR, SWG, and others, with the ability to make configuration and policy decisions.
* Understanding of modern environments like AWS, M365, SaaS platforms, and the implications on security incident management.
* Experience with vulnerability management tools and coordinating and reporting on remediation activities.
* Experience managing vendor relationships. Any time spent working with legal to execute contracts and SOWs is helpful but not required.
* Excellent leadership, communication, interpersonal interactions, and problem-solving skills.
* Excellent organizational skills and an aptitude focused on process and workflow improvement and efficiency.
* Must be able to work well in a team environment and maintain strong relationships with internal and external partners and suppliers.

Role Details:


The prime responsibilities of the Information Security Manager (ISM) role is to identify, quantify and proactively address security issues and changes in the businesses risk profile. The ISM will focus on improving the end-to-end risk posture for the assigned LOB or product group, and ensure appropriate controls are implemented across the technology landscape to operate within risk appetite. This includes a threat driven approach to enable secure from the start adoption of emerging technology and application development. The ISM will be expected to drive effective risk & controls management and support the technology teams through identification of control weaknesses and recommendations for improved security; articulation of the business impact and associated risk; and educate on proactive measures to remediate. This role engages in areas of development, design, and monitoring of corporate and global control programs, and acts as a liaison between management, the Lines of Business, internal and external audit, and regulators. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence IT operations across the firm. Responsibilities include offering guidance, best practices, and support across businesses, leading risk reviews and vulnerability assessments and identifying threats.


This role requires a wide variety of strengths and capabilities, including:

• Bachelor's degree or equivalent experience
• Strong communication and presentation skills
• Advanced knowledge of multiple IT control and project management practices and experience working across large environments
• Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals
• Expertise in application and infrastructure high-availability and resiliency architectures with demonstrated experience in business
• Minimum 5+ years of experience in technology risk and controls, risk-based consulting, risk assessments, audit and regulatory activities
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management and data protection
• Build and cultivate a security focused culture through partnership and collaboration with the business and technology teams to deliver customer value and improve security posture of the firm.
• Proactively monitoring Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps
• Collaborate with team members and stakeholders on firm-mandated, cross-LOB, and regional audits
• Partner with Third Party Oversight teams to ensure effective technology risk management of vendors engaged by technology partners, with a focus on Cloud computing / emerging technologies.

Preferred Experience:

• Strong written and verbal communication skills with ability to effectively communicate and present security risk concepts with business and technology partners.
• Strong personal leadership, collaboration, bias for action and experience working within fast paced, complex and high performing Digital/Agile/Scaled Agile teams
• Strong analytical skills including solving and communicating complex problems, data analytics, measurement and reporting needed to drive continuous improvement.
• 5+ years of experience in Security and /or Risk Management and / or Corporate Technology with an aptitude in application and platform security
• Applicable working experience in multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
• Preferable Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect)
• Preferable experience in multiple modern development practices (e.g. microservices, containers, orchestration, continuous integration & delivery pipelines, API first, service delivery & integration)
• Preferable experience of Secure Software Development Life Cycle (SSDLC) (e.g. code review, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
• Preferable experience in enterprise Identify and Access Management solutions, (e.g. Federated Identity, Privileged Access management, Active Directory, Role Based Access Control)
• Preferable experience working in regulated industries, in particular leveraging technology standards, frameworks, compliance, and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)
• Preferable experience working in a matrix management model across globally diverse, virtual teams to deliver strategic initiatives and commitments, ideally leveraging product and Agile principles.

Understanding of the external threat landscape, threat actors, adversary tactics & techniques, and industry trends

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.

As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.

Equal Opportunity Employer/Disability/Veterans

There are over 30M small businesses in the United States, but only a tiny fraction of them have a workplace savings program in place. As the savings gap in the country widens, it's imperative that every worker has access to and participates in their company's savings program, such as a 401(k) or 403(b). We believe that American workers should have easy access to an inexpensive, flexible, and intuitive solution to save for a brighter future.

Unfortunately, prior to Vestwell, small businesses have been neglected and underserved, with expensive, inflexible, poorly designed offerings built on old, mainframe software. Vestwell is changing that, starting with rebuilding the core infrastructure for the modern era.

Vestwell's north star is to be the engine behind a $30T industry, powering all payroll-deducted workplace savings programs for small-to-midsize businesses, such as 401(k), 403(b), IRA, emergency savings accounts (ESA), health savings accounts (HSA), 529 college savings, and alike.

Vestwell's focus is to build the most flexible, powerful workplace savings and investment platform, delivered through the hands and minds of their financial services partners with the help of payroll provider partners. The team at Vestwell makes the hard stuff look easy, by combining the expertise of financial advice with the sophistication of a technology provider.

As a result, workplace providers are able to bestow the advice and solution employers and employees have been asking for, while growing and scaling along the way. Employers get a cost-effective solution designed for their needs without all the headaches, and employees get a user-friendly portal that helps them achieve their long-term saving goals.

Why Vestwell?

With backing from leading FinTech investors, as well as a growing team of dedicated professionals of strong industry pedigree, Vestwell is at the forefront of a much-needed change in a 40-year old industry. Our team believes in the mission we've set out to achieve and we are working hard to get there. We're ambitious, honest, thoughtful, and fun.

Who are we looking for?

Vestwell is expanding and we're excited about bringing onboard a Director of Secure Choice Relationship Management to work with our Secure Choice State Auto-IRA Programs Relationship Management team. At a high level, we're looking for someone who has great communication and problem-solving skills along with the proven ability to juggle multiple priorities at once.

What will you be doing?

The Vestwell State Savings Secure Choice team is responsible for ensuring that our clients are continuously receiving and recognizing value from the retirement platform that we are building. You will work closely with clients to understand their business objectives and develop success plans that enable Vestwell to meet those objectives. The Director of Secure Choice Relationship Management will support existing State Secure Choice Auto-IRA Program clients to ensure execution on agreed upon deliverables, ongoing alignment of business objectives, and that our state clients are continuously receiving and recognizing value from the retirement platform we offer. This individual will collaborate with the team in the development of success plans that enable Vestwell to meet our Secure Choice goals. This role will provide an opportunity to experience the entire ecosystem of State Program Relationship Management - from business development, to product ideation, to implementation, and ongoing support.

Day-to-day, you will be expected to:

• Lead the relationship with our State partners as the point person for Vestwell's program administration of a Secure Choice State Auto-IRA Program
• Conduct regular State client meetings, proactively identifying risks and mitigations of issues as they arise, to ensure the successful delivery of our solutions according to clients' needs and objectives
• Collaborate cross-functionally with Product, Engineering, Marketing, Technology, Finance, Operations, and Legal teams to communicate and ensure we meet the needs, SLAs, and adherence to all requisite State Program administration requirements (e.g. introducing new product features, coordinating program launch strategies, managing response to escalated issues, etc.)
• Ensure implementation of ongoing relationship strategies and initiatives are optimized to enable teams to achieve its State Plan launch and ongoing administration goals
• Design and execute success plans to optimize client relationships, adoption, and satisfaction with Vestwell.
• Communicate with clients regularly through email, phone, online presentations, screen share and in-person meetings to understand their current needs and ongoing requirements
• Develop a trusted advisor relationship with key accounts, client stakeholders, and executive sponsors
• Develop and maintain subject matter expertise on our products and services and industry compliance requirements to provide timely, professional, and knowledgeable customer support
• Assisting Sales/Operations teams with RFP responses for large opportunities

Requirements

The Necessities

• A myriad of experience in a client-facing Retirement/Wealth Management/ Advisory, or as a Customer Success/ Relationship Manager
• Able to understand and translate business goals into actionable and measurable initiatives
• Experience in building relationships and garnering trust with executive decision makers and influencers
• A deep understanding of the financial industry & financial service technologies
• Capable of working collaboratively across multiple organizations
• Comfortable with managing escalations and executing on success plans
• Self-starter who is extremely organized and detail oriented strategic and outside of the box thinker
• Strategic problem-solving skills
• Strong organizational, analytical, and prioritization skills
• Excellent written and verbal communication skills
• Strong skills with Office suite, including excel and PowerPoint

The Extras

• Basic knowledge of project management, client onboarding experience including setting targets, KPIs, and reporting progress
• Understanding and knowledge of state-administered Auto-IRA programs or experience working with other state programs, including governing boards and staff

Our Benefits

We're a growth stage startup with lots of exciting milestones ahead. We value health and wellness at Vestwell and in addition to a dedicated Employee Wellbeing Committee, we offer competitive health coverage and an open vacation policy. We have adopted a remote-hybrid office policy, but all employees are welcome at our bright, comfortable office with many workspace options in midtown Manhattan so everyone has a setting that is the most productive for them. We provide our team with all the equipment they need (plus a few perks!) to work effectively remotely. Oh, and naturally we have a great 401(k) plan!