Carex is partnering with a Financial Services industry partner to identify a VP, Information Security to lead the strategic development and execution of a multi-year information security roadmap aligned to enterprise risk management and business objectives. This role provides executive leadership across security strategy, governance, operations, and regulatory alignment, while building a high-performing security organization and promoting a culture of shared responsibility for protecting data and systems.
What You’ll Do
- Lead the development and execution of a multi-year information security strategy aligned with business priorities and regulatory requirements
- Build, mentor, and lead a high-performing information security team while fostering enterprise-wide security accountability
- Establish and mature security governance, risk management, and control frameworks aligned with recognized industry standards
- Provide executive-level reporting on security posture, risk exposure, and remediation progress
- Partner closely with Legal, Compliance, and Privacy leadership to align security controls with regulatory obligations and financial services requirements
- Support regulatory examinations, audits, and legal reviews related to cybersecurity and data protection
- Oversee enterprise security operations, including threat detection, vulnerability management, endpoint protection, and incident response
- Lead breach response coordination and tabletop exercises involving executive and cross-functional stakeholders
- Establish and maintain secure cloud architectures across IaaS, PaaS, and SaaS environments
- Strengthen identity and access management across hybrid and cloud environments using modern security principles
- Oversee third-party risk management, including vendor security assessments and contractual cybersecurity requirements
What You’ll Bring
- Extensive experience developing and executing enterprise-wide information security strategies for mid to large organizations
- Proven senior leadership experience with accountability for security governance, risk management, and operational execution
- Deep knowledge of financial services regulations, privacy laws, and security frameworks such as NIST CSF, ISO 27001, CIS Controls, or comparable standards
- Demonstrated expertise in threat management, vulnerability management, security operations, and modern ransomware defense strategies
- Strong hands-on experience with cloud security architecture across IaaS, PaaS, and SaaS platforms, including identity and access management and zero-trust concepts
- Experience leading enterprise incident response efforts in collaboration with executive leadership, Legal, Compliance, and Privacy teams
- Background designing and overseeing third-party risk management programs and vendor security assessments
- Bachelor’s degree required; advanced degree in cybersecurity or a related field preferred
- Professional security certification such as CISSP strongly preferred
Carex Consulting Group is an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity, or Veteran status.
#LI-WR1