Chief Information Security Officer and Vice President, Risk Management
Reporting to the EVP, Chief Administrative Officer and Chief Risk Officer (“CRO”), the Chief Information Security Officer and Vice President, Risk Management (“CISO and VP, Risk”) is a highly strategic and results-driven executive leading the company’s information security, risk management, business continuity and incident management functions.
The CISO and VP, Risk establishes the strategic direction of the company’s information security program. The individual is responsible for the maintenance, enhancements, and monitoring of a strategic, risk management-based information security program to ensure the availability, integrity, and confidentiality of information across Financial Engines and our business partners. The candidate will work closely with Technology, Legal & Compliance and business stakeholders to ensure that Financial Engines’ information security program follows industry best practices, applicable regulatory and legal requirements, and aligns with company business objectives.
Working closely with the CRO, the position is also responsible for directing the company’s Enterprise Risk Management (“ERM”) program including the identification, monitoring, and mitigation of operational and strategic risks. A key element of the role is working with executive management to identify, prioritize and analyze risks to align with the company’s risk appetite.
The role requires a visionary leader who possesses a unique combination of expertise in information security, risk and business management. The CISO and VP, Risk will interface regularly with the Board of Directors’ Audit Committee and is a key member of the company’s Risk Management Committee.
This role can be located in Boston, MA or Sunnyvale, CA.
Specific responsibilities include but are not limited to:
- Leads the Information Security and Risk Management teams. Provides direction, training, and support to ensure the team accomplishes business objectives and experiences professional growth and rewarding career paths.
- Develops, manages and monitors Financial Engines’ information security strategy in support of the company’s strategic business plan.
- Provides a consistent and efficient approach to identify and analyze enterprise risks to align with the company’s risk appetite.
- Develops ERM tools, practices and policies to identify, measure, analyze and report enterprise risks.
- Provides information security program updates and enterprise risk assessments and analysis to senior management, the Risk Management Committee, the Board of Directors’ Audit Committee and external partners, including employer clients and business partners.
- Provides leadership in the analysis and discussion of security policies, standards and practices, and guides the acquisition of advanced security controls. Collaborates with technology and business partners on identifying and addressing third-party service provider security risks.
- Leads programs to ensure employee information security education and awareness.
- In conjunction with Legal & Compliance, evaluates and disseminates regulatory information security rules, laws, and best practices.
- Responsible for threat intelligence and information sharing activities through participation in industry security groups and collaboration with internal technology partners.
- Leads and coordinates, internally and externally, responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents.
- Develops, maintains, and implements business continuity and disaster recovery strategies and solutions, including risk assessments, business impact analyses, strategy selection, and documentation of business continuity and disaster recovery procedures. Tests the adequacy of existing plans and strategies regularly.
- Oversees outside consultants for independent security audits, engagements and monitoring, including regular penetration and vulnerability testing.
- Minimum of 15 years of successful experience in information security risk management and governance.
- Bachelor’s degree required. Advanced degree in computer science, information science, IT or a related discipline preferred.
- Demonstrated accomplishments in security program leadership, policy development, management, and risk assessments.
- Demonstrated strong interpersonal and communications skills and the ability to work with executive management, Board of Directors and business partners including those who do not have a security or risk management background.
- Practical knowledge and experience working with information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53 (and/or the Cybersecurity Framework), SOX, and PCI DSS.
- Knowledge of incident response planning and forensics investigations.
- Integrity and high standards of personal and professional conduct.
- Knowledge of regulatory rules and standards that govern information security practices in the financial services industry, such as SEC, GLBA, ERISA and state and federal privacy laws.
- Certification as a Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or Certified Information Security Manager (CISM) or equivalent.
About Financial Engines
Financial Engines is America’s largest independent investment advisor¹. We help people achieve greater financial clarity by providing comprehensive financial planning and professional investment management and advice. Headquartered in Sunnyvale, CA, Financial Engines was co-founded in 1996 by Nobel Prize-winning economist William F. Sharpe. We currently offer financial help to more than 9.5 million people across over 700 companies (including 146 of the Fortune 500). Our unique approach, combined with powerful online services, dedicated advisors, and personal attention, promotes greater financial wellness and helps more Americans to meet their financial goals.
For more information, please visit www.financialengines.com.
All advisory services provided by Financial Engines Advisors L.L.C. Financial Engines does not guarantee future results.
¹ For independence methodology and ranking, see InvestmentNews Center (http://data.investmentnews.com/ria/).