Chief Information Security Officer

Company

Huntington Bank


The chief information security officer (CISO) is responsible for establishing and maintaining a corporate-wide information security program to ensure that information assets are adequately protected. This role will utilize security experts and technology to support a secure infrastructure and data security. The role will lead strategic security planning with IT management and HNB Risk Management and with users across the Huntington footprint. The CISO position requires a visionary leader with strong skills in technology and business management. The CISO will proactively work with business units to implement practices that meet defined policies and standards for information security.

Job Requirements:

  • Bachelor’s degree or equivalent experience in an information technology discipline with more than 10 years of experience in the information security field, which must include experience managing a staff of security personnel.
  • Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Must be a critical thinker with strong problem-solving skills.
  • Knowledge of technological trends and developments in the area of information security and risk management.
  • Professional information security certification (e.g. Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)).
  • Experience with Sarbanes-Oxley, ISO/IEC 17799, PCI, FFIEC and other pertinent compliance regulations preferred.
  • Demonstrated expertise in a variety of the field's concepts, practices, procedures, security technologies, standards, and networking architectures.
  • Must have comprehensive knowledge of government and regulatory agencies' policies/procedures from a security perspective.
  • Excellent interpersonal and communication skills (both oral and written) required, with the ability to interact and relate necessary information to executive management.
  • Experience with current IT security technologies
  • Broad banking understanding and knowledge of security approaches that support the operational processes
  • Strong management and organizational skills
Description

Detailed Description:
The CISO will lead the overall Security program for the Huntington. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements. The CISO serves as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies.

They will be a direct report to the IT and Operations Segment Risk Officer, but will manage teams of individuals whose reach is bank-wide. They will own all security efforts and be expected to drive improvements to not only stay ahead of increasing security threats, but also contribute to a reduction in our overall risk posture. They will oversee the planning, scheduling, assignment and monitoring of staff, budget and resources with the Information Security group.

This person and their team will work very closely with the IT and Operations Risk Management Team and the Segment Risk Officer to determine acceptable levels of risk for the organization and to manage and reduce risks in the environment. They will own the Systems Information Security efforts as outlined in the strategic plan and drive the existing and future projects to improve.

Responsibilities Include, but Are Not Limited to:

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
  • Manage the Huntington’s security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations), including hiring, training, staff development, performance management and annual compensation review.
  • Develop, communicate and ensure compliance with organizational security policies and standards.
  • Develop and manage information security budgets and monitor them for variances.
  • Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
  • Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
  • Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 17799, CobiT and ITIL.
  • Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
  • Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
  • Coordinate information security projects with staff from the IT organization and business unit teams.
  • Ensure that security programs are in compliance with applicable laws, regulations and policies to minimize or eliminate risk and audit findings. (Examples of applicable laws and regulations include the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act.)
  • Liaise between the information security team and corporate compliance, audit, legal and HR management teams as required.
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, fixed assets and the company's reputation.
  • Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
  • Facilitate business alignment and communications by leading the information security steering committee.

Candidates interested in applying for the job should send their resumes to Jim.Kraynak@huntington.com
