#R17014
men to integrate security effectively within the organization's operational context.
Key Responsibilities:
Leadership and Team Management:
Lead and manage the Business Information Security Officers (BISO) team, providing direction, mentorship, and career development.
Foster a collaborative environment that emphasizes the integration of security into all aspects of business operations.
Ensure the BISO team is effectively supporting business units and subsidiaries where applicable in identifying, assessing, mitigating, reporting and escalating cybersecurity risks to the appropriate leaders.
Monitor and evaluate the performance of the BISO team, aligning their activities with the BISO framework and organizational security objectives and KPIs.
Strategic Planning and Execution:
Set and own the strategy, in collaboration with the cyber security senior leadership team and senior business leaders, for achieving best-in-class security practices and meeting regulatory requirements.
Drive and ensure effective implementation of cyber security program policies, standards, and controls across all business units.
Prioritize cybersecurity initiatives based on business risk and resource availability, ensuring that security efforts are balanced with operational demands.
Stay abreast of emerging cybersecurity threats, industry trends, and regulatory changes, incorporating relevant insights into the organization's security strategy.
Cultivate an agile team culture whereby scarce resources are aligned to the highest priorities based on a growing and changing organization and ever-evolving cyber risk landscape.
Provide holistic cybersecurity risk metrics and reporting to business leadership for providing visibility into cybersecurity posture, enabling proactive risk management and ensuring alignment between security efforts and business objectives.
Risk Management and Compliance:
Partner with business leaders to understand key business processes, their associated risks, and the security controls required to protect them.
Oversee risk assessments and security posture reviews for business units, providing tailored recommendations for mitigation. Coordinate with ETX Governance and Risk team to document and track remediation efforts in the eGRC tool.
Ensure compliance with applicable regulatory and legal requirements (e.g., NYDFS) as well as internal policies and standards, partnering with the ETX Governance and Risk team.
Coordinate with audit, legal, and ETX Governance and Risk teams to ensure that the organization is adequately prepared for security-related audits and assessments.
Support risk reporting teams by helping define business use case requirements to drive tailored persona risk reporting across various sets of stakeholders.
Communication and Collaboration:
Serve as a key liaison between the cybersecurity team and business units, ensuring effective communication regarding security risks, requirements, and initiatives.
Communicate and document security risks and strategies to senior business executives and board members in business terms they can understand.
Promote a culture of security awareness and continuous improvement, ensuring that business units are engaged and proactive in managing cybersecurity risks.
Collaborate with other functional teams (IT, legal, compliance, and risk management) to drive a unified approach to cybersecurity.
Ensure BISOs maintain an acceptable level of relationship health across all business areas and stakeholders they are aligned to and support, while defining development and role commitments and holding the team accountable to them.
Incident Management and Response:
Ensure that the BISO team actively supports the incident response process by coordinating with business units during security events.
Participate in the review and analysis of major security incidents, working to identify root causes, lessons learned, and preventive actions.
Lead the development of business unit-specific incident response plans and ensure alignment with the broader organizational incident response strategy.
Minimum Qualifications:
Experience:
10+ years of experience in information security, with at least 5 years in a leadership role managing cross-functional or business-facing security teams.
Experience working closely with an array of business units, understanding business drivers, and aligning security initiatives with business needs.
Proven track record of managing security programs and multiple cyber domains in large, complex organizations with diverse business operations.
Experience in conducting risk assessments, managing security incidents, and ensuring compliance with relevant security frameworks and regulations.
Skills:
Strong leadership and team management skills, with the ability to inspire and guide a diverse team.
Exceptional communication skills, both verbal and written, with the ability to communicate complex security concepts to non-technical stakeholders.
Strong analytical and problem-solving skills, with the ability to navigate complex business environments and prioritize competing objectives.
Deep knowledge of cybersecurity principles, risk management, regulatory compliance, and security frameworks (e.g., NIST CSF, NYDFS).
Demonstrated ability to develop and execute strategic plans that align security objectives with business goals.
Key Competencies:
Strategic Thinking: Ability to see the big picture and align security initiatives with the long-term goals of the business.
Collaboration: Capable of working effectively with business units, executives, and technical teams to drive security initiatives.
Influence: Skilled in influencing stakeholders at all levels to prioritize security and adopt best practices.
Risk Awareness: Deep understanding of business risk and the ability to communicate and mitigate security risks effectively.
Adaptability: Ability to navigate and lead in a rapidly evolving cybersecurity landscape, adapting strategies as needed.
Data Driven Decisioning: Ability to effectively collect, process, analyze, and interpret data to derive meaningful insights that inform decision making and resolve problems.
Education: Bachelor's degree in Information Security, Computer Science, Information Technology, Business Administration, or a related field is required.
Certifications: One of the following, or related, security certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor).
Ideal Qualifications:
Master's degree in Cybersecurity, Information Systems, Business, or related fields is preferred.
MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
MassMutual will accept applications on an ongoing basis until such time as a candidate has been offered employment. The job description includes the main duties of this position, which may evolve over time. You may be required to perform other duties not listed.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.
Salary Range: $189,900.00-$249,200.00