This Job Vacancy has Expired!

Information Security Executive

Posted on Mar 12, 2019 by USAA

San Antonio, TX 78208
Information Technology
Immediate Start
Annual Salary
Purpose of Job

The ED, Information Security manages and drives information security teams, structures, policies/standards, processes and tools needed to ensure that USAA establishes, deepens and retains a best-in-class information security posture. This Executive Director role has a direct impact on protecting USAA's brand and reputation within assigned Information Security functional areas including but not limited to Identity & Access Management (IAM), Cyber Threat Operations, or Risk Management. This role also provides information security leadership and development for first line management and leadership at all levels. In addition, this leader establishes and utilizes peer relationships throughout the enterprise to execute operational requirements and achieve strategic objectives. This position leads the enterprise IAM Program with responsibility for workforce access management.

Job Requirements

    • Leads the design and implementation of USAA's IAM strategy, taking into account USAA's information security strategy, USAA's broader business strategy, and complex regulations and nuanced supervisory expectations, including how they apply in a matrixed commercial environment.
    • Role models USAA's mission, core values, culture and desired behaviours - including a sound risk culture.
    • Develops talent across IAM and other information security teams to deliver performance and results - including the identification, development and retention of talent with requisite information security and cyber security capabilities.
    • Drives the operations of the cyber and information security team - including core business processes and technologies.
    • Holds self and others accountable for meeting commitments by setting and clearly communicating expectations and roles and responsibilities relative to the cyber and information security activities.

    Technical and Risk Responsibilities

    • Manages IAM program operations, architecture / infrastructure support, analysis, and oversight of compliance tasks and activities.
    • Accountable for operating within established policies and guidelines, and acting in accordance with applicable laws, regulations, and supervisory guidance, including those related to consumer protection, including ensuring policy exceptions are promptly and effectively assessed and escalated.
    • Participates in the development of the organization's strategic plan. Executes activities consistent with the firm's strategy, risk appetite, and risk tolerance.
    • Maintains current working knowledge of IAM technologies related to user authentication and authorization, access management, privileged access, identity governance, federations, and single sign-on.
    • Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).
    • Responsible for developing, maintaining, testing, and monitoring an internal control environment, including information systems and preventative and detective controls, to effectively manage material risks.
    • Supports the design and approval of information security systems for the Enterprise.
    • Develops advanced, customized tools and scripts to enhance enterprise IAM tooling, minimize risk associated with manual processes, improve user experience, and increase operational efficiency.
    • Identifies access and user behavior related risk and liaises with senior stakeholders to communicate any risks associated.
    • Identifies, assesses, measures, monitors, and controls material risks consistent with the risk appetite and risk tolerance, including the development, adherence, monitoring, reporting on risk limits and risk limit utilization.
    • Monitors the probability of any information security-related incidents and executes on the appropriate preventive strategies consistent with sound business judgment and internal controls.
    • Identifies and tracks information security policy violations for the enterprise and reports information security risks in a manner that meets compliance and regulatory requirements.
    • Applies expertise in both host network and cloud architectures to ensure appropriate access models are employed.
    • Ensures technology security incidents are documented clearly and that realistic remediation plans are developed.
    • Handles incidents, including significant events, and communicates with senior leadership.
    • Collects relevant incident related statistics and publishes operational health metrics to senior leadership and others on a regular basis.
    • Develops, communicates, and reinforces risk appetite and risk tolerance throughout the organization in a manner that causes all employees to align their risk-taking decisions.
    • Communicates risk and other security incident themes and develops recommendations for resolution.
    • Applies knowledge of the financial industry regulations, guidance and supervisory practices to help influence and shape safe and sound cyber security risk management practices, countermeasures and controls.
    • Identifies security trends, evolving technologies and promotes the utilization of industry standards and best practices.
    • Identifies, develops, attracts, and retains talent that has the knowledge, skills, and abilities to effectively identify, measure, monitor, and control risks.


    • 10+ years of experience in technical discipline (e.g. cyber security, identity and access management) with a proven track record leading comparable operations and programs (e.g. information governance / security, electronic information, privacy, eDiscovery, records management, operational risk management).
    • 6+ years of relevant experience in a large financial institution in a supervisory role in cyber security operations, insider threat or threat intelligence program support, or cyber threat analysis and mitigations.
    • 4+ years of experience in building, managing and/or developing high-performing teams.
    • Bachelor's degree required (e.g. Computer Science, Information Security, Business Administration, or Information Systems/Management).


    Regulatory Understanding (Illustrative)*

    Maintains in-depth knowledge of regulatory requirements and supervisory expectations / laws including domestic and global data privacy protection standards impacting the organization's risk management framework, governance, standards, capabilities and risk strategy across all lines of business, including OCC, Federal Reserve, TDI, NAIC, FFIEC, FINRA, FDIC, CFPB, and FinCEN expectations. Well-versed in regulations and standards related to risk management and information security (e.g., Payment Card Industry Data Security Standard (PCI-DSS), HIPAA, Gramm-Leach-Bliley, FFIEC Cybersecurity Assessment Tool, General Data Protection Regulation (GDPR), NIST Cybersecurity Framework (CSF)).

    Certifications & Advanced Degrees

    • Advanced degree such as Masters in Computer Science/Information Security preferred.
    • Cyber Security industry certifications preferred such as GIAC Cyber Threat Intelligence (GCTI), Certified Cyber Threat Analyst (CCTA), FOR578: Cyber Threat Intelligence, GCIH (GIAC Certified Incident Handler).

    Reference: 668740299