Job Description

Responsibilities Principal India and Philippines Job Code Head of Information Security Risk + BISO Job Business Unit Principal India and Philippines Job Purpose The Head of the Information Security team is a senior leadership position. In this role, the individual will be responsible for managing the Information Security function for PGS India Manila, and ensuring the enterprise information security strategy and program is carried out across PGS. The role will also be the BISO for PGS India Manila. The Head of Information Security is a member of the enterprise information security leadership team and will participate in steering committees to ensure the enterprise information security program and strategies are effective for the PGS locations, including awareness, adoption, and monitoring, as required. As a leader of leaders, the Head of Information Security must be skilled at building and empowering teams to ensure outcomes of both customer-focused and secure solutions across security domains including identity and access management, cyber defense, software security, cloud security, data protection and governance, risk and compliance. Continuous learning and engagement in the field of information security is necessary. Essential Functions Responsible for the operational and strategic leadership of the information security teams that make up Principal India Manila Information Security team. Provide strategic direction to the team in alignment with the enterprise information security team and the CISO. Direct the planning, budgeting, training, development, compensation administration, and performance management of staff. Create and foster an environment to support and enable high performing teams to focus on objectives and deliver on measurable key results including within Information Security as well as business areas as needed to protect the integrity, confidentiality and availability of the company s information and systems. Use enterprise tools and processes to ensure successful outcomes. 30% BISO for Principal India Manila would be responsible for both the operational and strategic leadership of the Information Security teams, ensuring the protection of the organization s information assets, systems, and networks. This position requires a dynamic leader who can align security strategies with overall business goals, while ensuring that the operational aspects of the security teams are robust, efficient, and resilient. The BISO works closely with the Enterprise BISO, Chief Information Security Officer (CISO), Principal India Manila Leadership and the broader Infrastructure, Information Security and other business and enterprise teams to direct strategic initiatives, compliance efforts, and incident management to safeguard the company s information security. 10% 3. Bring awareness to cybersecurity compliance matters specific to relevant countries of Principal India Manila, participate in cybersecurity audit matters, ensuring timely, accurate response and oversight. Provide clear communication to information security leadership and leverage shared processes, technology, and expertise. 10% 4. Ensure security operations center is operating efficiently, with required 24x7 availability and quality requirements. Monitor security intelligence sources, informing the organization of emerging threats and impact to Principal India Manila. Ensure all cyber defense team responsibilities are carried out daily and that execution of incident playbooks meets expectations. 15% 5. Consult, and provide subject matter experts to consult, on information security matters including technology solutions and risk management. Understand risk management framework and ensure it is applied appropriately for all cyber and technology risk management needs. Provide relevant information security risk information to Principal India Manila and Enterprise leadership. Participate in leadership/ management meetings; lead with integrity and be a trusted advisor. 15% 6. Apply technical knowledge and expertise of information security frameworks, systems, and solutions across the information security domain (Identity Access Management, Data Security, Cyber Defense, Governance, Risk and Compliance) to assist with architecture, engineering, planning, and problem solving related to work assigned across the team. Be a sounding board for ideas and alternatives. Work effectively with other technology and risk teams across the company. 15% 7. Individually and with the team, establish open communication with the local offices as points of contact for all security related issues, promote best practices, represent the needs of the office to the applicable information security governance groups and to Enterprise BISOs and the CISO, including input on policies and standards. Suggest improvements or areas of concern in the Information Security Program or other security related activity. Provide updates on security related roadmap plans, programs, etc., for office and US leadership. Work as requested with corporate incident response team to address cyber security incidents involving or impacting the local office. 5% Qualifications Education: College Degree in related field is required. Security certifications such as CISM, CISSP is desired but prior work experience is prioritized over certifications. Skills required Must have 16 + Years of increasing experience in Information Security with strong academic background. Should have the maturity and leadership presence to approach their work delivery prioritization independently. A thought leader with an ability to attract, develop and retain a high performing and unbiased teams, hence being a leader of leaders is vital. Ability to lead, partner and influence the operational teams as well as our scrum teams. Strong communication skills, ability to influence, manage conflict with strong ethics, integrity, and equity. Ability to stay current with emerging threats, security risks and potential impacts to the business. Should have strong exposure to security frameworks (such as NIST or ISO), security technology (such as IDS/ IPS, firewalls, application security, vulnerability scanners, network security, Cloud security, data security, identity and access management solutions, etc.) Should have a sense of urgency and confidently drive action, consensus and execution without regulatory mandates and enable secure and effective business outcomes. Should have a global understanding of security laws and regulations. Hands-on experience in Information Security Risk areas driving remediation, analysis and mitigation in Cyber security, IT Infrastructure, and applications. Reporting Relationships This job reports to the Senior Director Technology and has matrix reporting to the Chief Information Security Officer of Principal Financial Group Direct Reports: ISR Principal Global Services Team (4-8 Direct Reports) Disclaimer We reserve the right to change this job description any time, and this job description is not intended to detail every requirement of the job. Other job requirements may be found, for example, in an individual s goals as determined by their leader. Qualifications Additional Information