VP, Delivery CISO

Date: Jun 9, 2021

Location: Plano, TX, US

Company: NTT DATA Services

Req ID: 128249 

NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a VP, Delivery CISO to join our team in Plano, Texas (US-TX), United States (US).

NTT DATA, Inc. currently seeks a Delivery Chief Information Security Officer (Delivery CISO) to join our team in Plano, TX USA.  This position will be responsible for all customer delivery Information Security teams and will report to the Enterprise CISO.  The Delivery CISO will drive the internal Information Security programs, and work proactively with Delivery Teams, Business Unit Leaders, Client Executives and Legal to ensure the confidentiality, integrity, and availability of customers' information assets entrusted to NTT DATA.

 

This role is temporarily remote until the Plano office reopens. Estimated reopening: September.

Duties and Responsibilities

  • Partner with the Enterprise CISO to develop and implement an Information Security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate;
  • Provide leadership and direction to the Security Engineering & Architecture, Security Operations, Cyber Resilience, and Identity & Access Management teams;
  • Facilitate an Information Security governance structure through a hierarchical governance program, including the operation of an Information Security Steering Committee and Advisory Board;
  • Provide regular reporting on the status of the Information Security program to enterprise risk teams, senior business leaders, and other NTT Operating Companies as part of a strategic enterprise risk management program;
  • Work with the Global Procurement and Global Sourcing teams to ensure that Information Security requirements are included in contracts for goods and services;
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management;
  • Provide clear risk mitigating directives for projects with components in IT, including the appropriate application of controls based on risk;
  • Manage the budget for the Corporate Information Security function;
  • Manage a cost-efficient Corporate Information Security organization, consisting of direct reports and dotted-line reports (such as individuals in Delivery and IT Operations). This includes hiring, training, staff development, performance management and annual performance reviews;
  • Develop, implement and monitor a strategic, comprehensive Information Security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by NTT DATA;
  • Work effectively with business units to facilitate Information Security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite;
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations;
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets;
  • Measure the efficacy of the Corporate Information Security Program, and review it with the appropriate stakeholders at the executive and board level;
  • Create the necessary internal networks among the Information Security team and line-of-business executives, compliance, audit, physical security, legal and HR management teams to ensure alignment as required;
  • Build and nurture external networks consisting of government and industry peers, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks;
  • Create and manage a risk-based process for the assessment and mitigation of any Information Security risk in the corporate ecosystem consisting of supply chain partners, vendors, consumers and any other third parties;
  • Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy;
  • Define and facilitate the processes for Information Security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings;
  • Ensure that security is embedded in the project delivery process by providing the appropriate Information Security policies, practices, guidelines, and templates;
  • Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk;
  • Manage and contain Information Security incidents and events to protect corporate IT assets, intellectual property, regulated data and the Company's reputation;
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action;
  • Develop and oversee effective disaster recovery policies and standards to align with the enterprise Cyber Resilience (DR/BCP) Program goals, with the realization that components supporting primary business processes may be outside the Company’s perimeter;
  • Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas;
  • Use a risk-based approach to provide leadership, direction and prioritization in assessing and evaluating Information Security risks across the organization with a high level of integrity and discretion, advising and consulting with executives on identified risks and ensuring the execution of agreed-upon mitigation/remediation steps;
  • Promote understanding of regulatory requirements across the organization, leading and/or collaborating with cross-functional teams and senior business leaders to ensure execution of required testing and auditing activities by internal and external parties, leading to the successful certification and/or compliance of the organization on an ongoing basis;
  • Ensure alignment with common industry cybersecurity requirements and regulatory requirements such as: HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS;
  • Stay current with industry trends and the latest Information Security practices and standards to ensure solutions incorporate effective use of technology.

 

 

Minimum Requirements to be considered for this role:

  • 10+ years of experience developing and overseeing effective disaster recovery policies and standards to align with the enterprise Cyber Resilience (DR/BCP) Program goals
  • 5+ years of experience with common industry cybersecurity requirements and regulatory requirements such as: HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS;
  • 8+ years of experience providing leadership and direction to the Security Engineering & Architecture, Security Operations, Cyber Resilience, and Identity & Access Management teams;
  • 8+ years of experience facilitating an Information Security governance structure through a hierarchical governance program, including the operation of an Information Security Steering Committee and Advisory Board
  • 8+ years of experience providing risk mitigating directives for projects with components in IT, including the appropriate application of controls based on risk;
  • 8+ years of experience managing the budget for the Corporate Information Security function;
  • 8+ years of experience managing a cost-efficient Corporate Information Security organization, consisting of direct reports and dotted-line reports (such as individuals in Delivery and IT Operations). This includes hiring, training, staff development, performance management and annual performance reviews;
  • 8+ years of experience developing, implementing and monitoring a strategic, comprehensive Information Security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed
  • Bachelor’s degree required, Graduate degree preferred
  • Must be open to extended travel

 

About NTT DATA Services

NTT DATA Services is a global business and IT services provider specializing in digital, cloud and automation across a comprehensive portfolio of consulting, applications, infrastructure and business process services. We are part of the NTT family of companies, a partner to 85% of the Fortune 100.

NTT DATA Services is an equal opportunity employer and will consider all qualified applicants for employment without regard to race, gender, disability, age, veteran-status, sexual orientation, gender identity, or any other class protected by law.


Nearest Major Market: Plano
Nearest Secondary Market: Dallas

Job Segment: Consulting, Executive, VP, Information Security, Technology, Management