Head, IT Security

As the global association of investment professionals, CFA Institute sets the standard for professional excellence and credentials. We champion ethical behavior in investment markets and serve as the leading source of learning and research for the investment industry. We believe in fostering an environment where investors' interests come first, markets function at their best, and economies grow. Spanning nearly 200,000 charterholders worldwide across 160 markets, CFA Institute has 10 offices and 160 local societies. Find us at CFA Institute or follow us on LinkedIn and X at @CFAInstitute.

At CFA Institute, we care about our employees' mental, physical, social, and financial well-being. That's why we are committed to providing a comprehensive, competitive benefits package that offers flexibility to make choices that meet their needs:

• Health & Well-being benefits that are amongst the best in the industry with full comprehensive Medical, Dental, and Vision for employees and their family members
• Comprehensive Leave and Time Off plans
• A focus on Financial Well-being means that we stack our retirement benefits against the most competitive standards.
• Flexible work arrangements
• Wellness, Education, and Employee Assistance Benefits

Job Description Summary:

The Head, IT Security & Operations provides strategy, leadership, and oversight for cyber and information security initiatives across the organization to advance the mission of CFA Institute globally. The role navigates the complex landscape of cybersecurity, directing daily operations and shaping the strategic direction of cybersecurity efforts across the organization. It influences policy, develops long range goals, and ensures the seamless integration of cybersecurity measures into our IT infrastructure. The Head, IT Security & Operations leads, manages, and coaches a global team to build and deliver industry-leading cyber and information security solutions that are aligned to organizational needs and priorities while fostering a culture of innovation, sustainability, and agility.

The position is based in the US (in approved states) or UK, and is supported by the Chief Information Officer.

Job Description:

In this role, your responsibilities will include:

Strategy and Leadership

• Develop and execute a multi-year strategy for the organization's cybersecurity, IT operations, and technology risk management

• Collaborate with senior management to formulate and implement IT strategies aligned with overall business goals

• Serve as a trusted advisor for business partners, driving strategic discussions and influencing decisions on cyber and information security, resiliency, and technology risk management

• Lead, manage, and mentor global IT and security teams, fostering a culture of innovation and continuous improvement

• Maintain exceptional understanding and knowledge of relevant business and technology trends, leading practices, and CFA Institute's business model to identify opportunities to deliver technology-driven business value.

• Leverage business acumen to create a bespoke and risk informed information security strategy, roadmap and workplan, measured by advanced metrics and risk quantification methods.

• Create and execute a geopolitical risk-aware information security program for senior leaders and other potentially targeted stakeholders.

Cybersecurity and Cyber-risk Management

• Establish and implement an effective enterprise-wide information security governance program

• Define and maintain enterprise cyber and information security standards, policies, and frameworks

• Oversee the team responsible for security engineering and security operations, including security tools and processes, threat and vulnerability management, intrusion detection, cyber intelligence, security incident response and forensics, and security event and log management

• Oversee and manage a 24/7 Information Security Operations Center

• Identify, evaluate, and mitigate cyber and information security risks

• Ensure compliance with local and international data protection laws and regulations

• Promote security awareness and lead training programs across the organization

IT Operations Oversight

• Oversee the implementation and maintenance of IT systems, including networks, servers, and communications infrastructure

• Ensure high performance, availability, and scalability of all IT systems and networks

• Establish and manage operational and capital budgets for the IT department

• Lead DevOps initiatives to optimize flow from development to production

• Develop and maintain disaster recovery and business continuity plans

• Oversee the IT help desk and user support functions

The skills & experience required for this role include:

• Bachelor's degree in computer science or information technology, or commensurate education and experience; master's degree preferred

• 10+ years of experience in IT executive leadership at a global organization, with a focus on both operations and cybersecurity

• Proven experience with Information Security and IT Management Standards, such as ISO/IEC 27001 and 27002, SOC2, SOX, NIST, COBIT and COSO Frameworks

• Deep knowledge of IT infrastructure, cloud technologies, and cybersecurity best practices

• Strong understanding of DevOps principles and agile methodologies

• Strong understanding of industry and technology leading practices, emerging technologies, behavioral analytics and AI/ML and how to apply them to drive cyber, digital and business transformation.

• Extensive experience implementing lean process design. Scaled Agile Framework (SAFe) certification is a plus.

• Advanced knowledge and experience in security architecture, cybersecurity, protecting sensitive information, security engineering and operations, security incident response and forensics, and operating a 24x7 information security operations center.

• Understanding of WBG technology environment desirable.

• Proven ability to effectively partner with business stakeholders to build strong partnerships, foster good governance, ensure strategic business/IT alignment, and transform relationships at the senior level.

• Proficiency in managing risk in IT application delivery environments.

• Knowledge of data analytics, reporting, and IT performance management

• Exceptional communications, storytelling and business engagement skills

• Strong collaborator with outstanding interpersonal and diplomatic skills, including the ability to facilitate, negotiate, and influence successful outcomes. Ability to influence globally dispersed decision makers through collaboration, education, and working partnerships.

Work location and travel requirements:

• Eligible for flexible work arrangements including hybrid and remote options

• Occasional travel to CFA Institute meetings, events, and testing centers; no more than 10%

This job description is a summary of job requirements and duties and is not intended to be an exhaustive list of all areas of responsibility.

If you feel this opportunity could be the next step in your career, we encourage you to click "Apply" and complete our three-minute application.

To stay up to date on current news and events, follow CFA Institute's LinkedIn page.

We are an Equal Opportunity Employer. CFA Institute prohibits both discrimination and harassment with regard to all identifying characteristics: any individual employee, group of employees, or prospective employee on the basis of race, color, national origin, citizenship or immigration status, religion, creed or belief, age, marital or partnership status, marital or family status, care giver status, pregnancy and maternity, sexual and other reproductive health decisions, physical abilities/qualities, disability, sexual orientation, gender, gender identity or expression, predisposing genetic characteristic, military or veteran status, status as a victim or witness of domestic violence or sex offense or stalking, unemployment status, infectious disease carrier status, migrant worker status, educational background, socio-economic status, geographic location and culture or any other basis protected by applicable law. This policy impacts all aspects of employment, including but not limited to, recruitment, hiring, compensation, training, development, promotion, demotion, layoff, recall, furlough, transfer, leave of absence, and dismissal. This is a global policy that applies to all CFA Institute employees, regardless of location.

If, due to a disability or current medical condition, you need an accommodation or assistance to complete a job application, you can request one at any stage of the recruitment process. Please send an email to humanresources@cfainstitute.org noting the accommodations or assistance you are requesting. Please do not include any medical or health information in this email. We will review your request and contact you to discuss the possible options and arrangements. We will try our best to provide you with an accommodation or assistance that meets your needs and respects your preferences.

Our application is not compatible with Internet Explorer (IE). We recommend using Chrome.

---