Affirm Logic Corporation (ALC) is conducting a search for an experienced and highly qualified VP of IT and Chief Information Security Officer (CISO) accountable for defining and delivering IT strategy and capabilities across the company. This includes data analytics and business intelligence, digital transformation, development and support, infrastructure and information security. Reporting to the COO, the leader will be responsible for giving oversight and proactive direction to business leaders on strategy, standards, opportunities for automation, application of new technologies, and economies of scale across the IT and OT operations.
The leader is a key contributor to the company’s strategy and planning process and will be responsible both for IT operations and for Operational Technology (OT) and digital innovation. It is critical for the leader to build strong and productive relationships with all business unit leaders, acting as a true partner in support of the CTO’s engineering and operational technology needs.
Strategy and Planning
- Align IT objectives and programs with the organization’s overall vision, strategies and objectives.
- Define, update and implement an integrated IT/OT/business strategy.
- Ensure that IT/OT projects are prioritized and resourced based on a set of criteria (ROI/NPV, cash flow, working capital, cycle times, customer service, risk mitigation, etc.) agreed across the executive team.
- Develop IT/OT and Security solutions that enable business process re-engineering. Ensure proper business change management practices are employed.
- Develop, in collaboration with other senior leaders, forward-looking models and initiatives that provide insight into the organization’s operations and efficiency.
- Own and lead the company’s strategies and practices to ensure information-/cyber-security protections and response effectiveness. Interact with the senior management team to monitor and validate the organization’s compliance with the policies and practices.
- Establish and maintain active resource plans. Develop staff for professional growth & succession.
IT & OT Leadership
- Plan and manage all strategic technology initiatives and projects, including AWS cloud and cybersecurity, and for our commercial product CodeHunter.
- Define performance metrics based on the organization’s overall objectives, control performance objectives and budget.
- Lead planning and implementation of all management and reporting systems.
- Deliver sustainable high-quality day-to-day IT/OT infrastructure performance among systems, applications, and networks, including data center services, help/service desk, communications networks (voice and data), and systems operations. This includes the technology infrastructure for our cloud-based operational technology platform for our SaaS product CodeHunter.
- Ensure a responsive Help/Service Desk to maintain/improve end-user productivity.
- Manage the IT/OT applications portfolio; develop roadmaps where existing applications are no longer suitable or effective in enabling expected business outcomes.
- Work with the executive team to ensure timely, accurate, and useful financial and operational reporting.
- Maximize the mix, and optimize the cost, of in-house vs. outsourced vs. cloud-based services.
- Establish strategic service provider partnerships, including software, hardware and related services.
- Define standards and architectures.
- Consolidate IT processes across the organization.
Policy and Community Relations
- Participate in organizational policy development as a member of the senior management team.
- Develop and lead policy development as it relates to information management and technology-driven innovations.
- Represent the organization from a technology perspective to partners, coalitions, government and community organizations and technology trade groups; play a vocal and visible role.
- Remain up to date on applicable and appropriate technology innovation.
- Align IT/OT risk management with organization-wide risk management.
- Manage and maintain the integrity of all electronic books and records of the enterprise.
- Establish an “IT Risk Register” to manage people/process/technology risks, including likelihood, impact and the recommended mitigating actions.
- Ensure compliance with Sarbanes-Oxley and privacy regulations and/or other applicable standards.
- Ensure maintenance and execution of appropriate internal controls and procedures.
- Leads a strategic point of view for security solutions that can be impacted by new technologies (Cloud, Mobility, etc.), and business drivers (M&A, New Business Models).
- Provides system security planning, development, and implementation of security policies across multiple platforms.
- Provides consultation and support in security management, architecture standards and documentation, and changes/enhancements to security configurations.
- Defines processes to manage network and application security as well as prevent the proliferation of viruses and hacker intrusion.
- Manages execution of vulnerability scans, penetration tests, and audits to proactively identify areas of risk.
- Tracks and directs the mitigation of technical security incidents across enterprise IT and OT and manages them through to resolution.
- Keeps up to date on information security threats and countermeasures and advises staff and development teams.
- Works with third-party testing groups to perform security audits, validating threats and working with development team to implement and test resulting recommendations.
- Directs and expands our enterprise-wide security controls and safeguards.
- Responds to client security questionnaires and audits; participates in the RFP and contracting processes.
- Creates and oversees the implementation of IT/OT strategic initiatives, operations, and disaster recovery plans.
- Facilitates the creation of business continuity plans for business units and functions across the corporation.
- Works with IT/OT Support and Operations management as a member of the incident response team.
- Develops the security team and overall IT/OT organization’s capabilities in line with organizational goals and industry best practice.
SKILLS AND EXPERTISE:
- Can create a clear strategic vision for information technology that supports business objectives and can execute on that vision.
- Able to work collaboratively with diverse leaders, communicate an IT/OT and Security vision and strategy across all levels of the organization, and build consensus around key initiatives and projects.
- Possesses excellent interpersonal and communication skills, both oral and written; able to articulate ideas to both technical and non-technical audiences.
- Demonstrated ability to recruit, hire and motivate a high performing IT/OT team that values transparency and accountability.
- Possesses exceptional business acumen, analytical and problem-solving abilities.
- Comfortable with ambiguity; can handle the unexpected with flexibility.
- A team player who favors collaborative approaches when working with internal and external partners.
- Proven ability to build trust with others through a commitment to the highest ethical and professional standards.
- A high energy executive; tenacious and passionate about reaching the goal, while keeping ego in check.
- Experience leading complex, major change initiatives; demonstrated skills in change management.
- Demonstrated experience driving digital transformation and business growth through innovation and the implementation of technology.
- Demonstrated experience leading organizational data integrity and analytic capabilities, driving data-based decision making through timely/accurate delivery of data, tools, processes and expertise.
- Experience in leveraging different development methodologies appropriate to projects/products.
- Knowledge of a range of vendor technology solutions; able to select and integrate the most appropriate technologies to support the business.
- Demonstrated ability to design and implement comprehensive approaches to cyber security and risk management.
- Experience designing and managing an effective IT/OT governance framework across the spectrum of IT/OT service delivery.
- 10+ years of experience in either risk management or information security and/or IT positions.
- Certifications: One or more of the following certifications required: CISSP, CISM, CISA, CIPP, HCISPP, CRISC, CGEIT, PCIP.
- Thorough understanding of identity and access management, including cross-domain federation and cloud service provider integration.
- Experience creating technical documentation, including product documentation, technology and process best practices, and technical whitepapers.