Chief Information Security and Privacy Officer

 The Job 

As the Chief Information Security and Privacy Officer, you will provide the strategic direction and leadership for World Vision US Information Security and Privacy. You will manage a team of five Information Security and Privacy professionals, and are responsible for developing, maintaining, and governing information security and privacy across the organization. You will lead out on improving our incident response planning and execution efforts, and work on highly complex projects that require in-depth knowledge across multiple specialized architecture domains. Using your combined business acumen and technical experience, you will be responsible for providing an enterprise-wide perspective to the organization and drive the Information Security Council and the Incident Response Team. The Chief Information Security and Privacy Officer will serve as the senior accountable executive for Information Security and Privacy to the WVUS Board, WVUS Executive Management, and WV Global IT.  

If you’re looking for an opportunity to use your professional and technical expertise to lead a diverse and talented team and to create a bigger impact for God’s Kingdom, this might just be your calling!

Job responsibilities include:

• Keep Christ central in individual and corporate life. Actively participate in and contribute to the spiritual disciplines of the organization (Christian conduct, devotions, chapel, prayer, worship); incorporate WV Core Values into decisions within scope of role. 
• Strategic Direction:  
• Lead research and analysis of emerging legislation, external risks, technology advancement, industry trends, and best practices to determine their potential impact on the WVUS Information Security and Privacy.  
• Stay abreast of current cyber threats and information security technologies. 
• Communicate risks to senior management and recommend mitigations 
• Define the principles that guide Information Security and Privacy decisions for the enterprise.  
• Align Information Security and Privacy strategy with business goals.  
• Consult on the solutions viewpoint, in which the business, information, technology, and security viewpoints are synthesized into solutions that deliver capabilities to the enterprise.  
• Participate in the active balancing of business and technical priorities in order to maximize benefits to World Vision's ministry.  
• Strategic Execution:  
• Lead the development and implementation of Information Security and Privacy capabilities based on business requirements as well as gaps and pain points within the current state.  
• Lead the development of Information Security and Privacy policies, processes, standards, guidelines, and patterns.   
• Lead the Information Security and Privacy governance processes.  Manage exceptions to Information Security and Privacy standards at an enterprise level.  Lead and facilitate the creation of governing principles to guide enterprise decision making.  
• Lead the Information Security Council, the Incident Response Team, and liaise with other World Vision office Information Security related entities.  
• Manage exceptions to Information Security and Privacy standards at an enterprise level.  
• Provide strategic consultation to business and IT leaders.  Advise on options, risks, costs, versus benefits, and how technology tradeoffs influence strategy.  
• Meet with project management and IT leaders to ensure Information Security and Privacy alignment for both new and existing technology solutions.   
• Define and manage the roadmap for Information Security and Privacy solutions and capabilities. 
• Staff and Team Leadership:  
• Provide leadership, technology guidance, and mentor others throughout the enterprise.  
• Provide leadership for Information Security and Privacy awareness 
• Lead the development and execution of a communication and education plan for the enterprise Information Security and Privacy.  
• Define team and individual goals and set clear performance objectives, then monitor progress and results.  
• Provide timely team and individual feedback to recognize accomplishments and address performance needs.    
• Coach and mentor direct reports/team members/ recommend appropriate skills training to enhance career development and work with direct reports/team members to create personal development plans.  
• Hire, fire, train, counsel, evaluate, and recommend salary increases and promotions for those under direct supervision.  
• Facilitate hiring of consultants and contractors responsible for performing Information Security and Privacy activities.  
• Work collaboratively with team members when assigned to work as a member of a team.  
• Perform other duties as assigned. 
• Maintain awareness of corporate goals, objectives, organizational announcements, and activities. Reference and follow organizational policies and procedures, seeking clarity as needed.

You Bring 

• Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Systems Analysis or related field or equivalent work experience (eight years). 
• In addition to education or education equivalent, requires a minimum of 10-15 years of work experience in multiple IT areas, including five or more years of relevant enterprise-wide architecture and information security experience, and five or more years of experience leading teams. Requires CISSP, CISM, or GIAC. 

Additional Skills we’d like to see include:

• Compliance and Privacy Law Experience: Prior knowledge and experience right-sizing, implementing, and complying with NIST CSF, CIS, and PCI, and privacy laws, e.g., Colorado Privacy Act or similar privacy laws like GDPR, CCPA/CPRA, etc. 
• Business Analysis: Using industry standard processes, partner with IT users to identify and document business requirements, articulate and revise processes, clarify system needs, and document functional requirements in clear and concise language.
• Risk Analysis Experience: Qualitative and quantitative risk analysis, including cost-benefit analysis in decision-making.
• Stakeholder Relationship Building: Understands the diverse needs and agendas of various stakeholders and balance multiple and sometimes conflicting interests to support the organization's long-term effectiveness.
• Strategic Orientation: Understands complexity and views situations from a broad strategic perspective. Effectively translates organizational/divisional strategy into strategy for own area(s) of responsibility.