Vervent - Director - Information Security (15-20 yrs)

Position Overview :.

We are seeking a highly skilled and experienced Director - Information Security to lead and manage our comprehensive Information Security Program.

This pivotal role will report directly to the Chief Technology Officer (CTO) and will be responsible for establishing, maintaining, and overseeing the company's information security strategies, policies, and programs across all departments.

The Director will also be instrumental in ensuring compliance with key regulatory standards, including PCI-DSS, SOC 1, and SOC 2 audits, while fostering a culture of security throughout the organization.

The role will require a deep understanding of risk management, incident response, cybersecurity, IT compliance, and business continuity planning.

Primary Responsibilities :.

IT Information Security Strategy & Governance.

- Lead the development, implementation, and maintenance of organization-wide IT information security policies, procedures, and Standard Operating Procedures (SOPs) to mitigate risks across informational, financial, physical, and reputational assets.

- Collaborate with executive leadership to define and implement information security strategies aligned with the business goals and risk management priorities.

- Manage the organization's Information Security Program, ensuring adherence to industry standards, best practices and compliance requirements (e.g PCI, SOC 1, SOC 2).

- Define and track security metrics to measure the success of the security program and communicate these to the CTO, executive leadership, and other stakeholders.

- Provide status reports on the progress of information security, compliance, business continuity planning (BCP), and disaster recovery initiatives.

Risk Management, Assessment, & Incident Response :

- Develop and execute strategies to identify, assess, and mitigate security risks (both domestic and international) to safeguard the organization from cyber threats and attacks.

- Lead risk assessments and vulnerability management processes, ensuring formal assessments are conducted regularly, with actionable reports and analyses shared with executive leadership.

- Design and implement a NIST-based Incident Management and Response Program to respond to security incidents swiftly and minimize business disruption.

- Manage the organization's security incident response program, leading prevention, investigation, mitigation, and reporting efforts.

Security Education & Culture :

- Serve as the subject matter expert on all matters related to IT security, cyber security, and data protection, providing guidance to the CTO and other key stakeholders.

- Work closely with operations, legal, and compliance teams to create and execute a comprehensive security awareness program, aimed at building a security-conscious culture throughout the organization.

- Develop and promote continuous information security education programs to ensure all staff members are equipped with the necessary knowledge and skills to protect the company's information assets.

Security Infrastructure & Technology Implementation :

- Lead a team to research, design, and deploy cutting-edge security technologies and solutions, ensuring robust protection of enterprise systems, data, and intellectual property.

- Establish and promote security by design principles with application development teams to integrate security practices within the organization's software architecture.

- Collaborate with leadership to prioritize security initiatives, ensuring alignment with business objectives and risk management methodologies.

- Oversee vendor relationships related to security technologies, ensuring SLAs are met and that third-party solutions align with organizational needs.

Manage 24x7 SECaaS SOC vendor relationship and operation.

- Ensure organization's enterprise IT assets are registered with and logging to vendor's SIEM solution.

- Ensure vendor's SIEM solution is ingesting, synthesizing, and reporting on potential security threats and IOCs and alerting timely of any concerns.

- Monitor the external and global threat environment for emerging threats and advise relevant stakeholders on the appropriate course of action.

IT Compliance, Governance and Audits :

- Manage third-party operational and IT compliance audits (e.g, SOC 1, SOC 2, PCI-DSS), ensuring successful completion without exceptions.

- Ensure adherence to local, national, and international regulatory requirements related to privacy and data protection (GDPR, HIPAA, etc.

- Facilitate compliance reporting, manage audit requests, and maintain an effective internal audit strategy to verify that all security controls and processes meet required standards.

IT Staff Leadership & Development :

- Direct and manage the day-to-day functions of the Information Security team, ensuring efficient operations, proper workload distribution, and successful project implementation.

- Lead and mentor team members, fostering growth and career development while ensuring that all security staff maintain high levels of performance and job satisfaction.

- Hire, train, and manage key security personnel, including managers, and engineers, to build a robust security team capable of meeting the evolving needs of the organization.

- Collaborate with the CTO to define annual goals for the IT Information Security department and lead direct reports to ensure these goals are achieved.

Business Continuity & Disaster Recovery Planning :

- Develop a comprehensive Disaster Recovery and Business Continuity Plan (BCP/DRP), encompassing enterprise-wide organization, staff, functions, operations and systems to ensure uninterrupted business operations in the event of disaster or disruption.

- Collaborate with IT Operations and Infrastructure teams to implement failover systems that enable business continuity during a disaster.

- Implement an enterprise scale BCP failover test of the BCP/DR plan to ensure capability of the plan and solution and capability for successful failover.

- Orchestrate and manage execution of the plan at least annually.

Position Requirements :

- 15+ years of relevant experience in Information Technology.

- 10+ years must be directly related to IT information security (at least five years in a senior leadership role).

- Currently serving in a Directory of Information Security or equivalent role.

- 5+ years of management and leadership experience in Information Security or a related field.

- Experienced and proficient in PCI-DSS AOC/ROC and SOC 2 Type 2 compliance audits.

- Hands-on experience in leading incident response activities for security events.

- Expertise in a variety of multifactor authentication platforms and other relevant access management technologies.

- Broad practical experience in security software and technologies such as Mobile Device Management (MDM), Privileged Access Management (PAM), Multifactor Authentication (MFA), and Virtual Machine (VM) environments, etc.

- In-depth knowledge of best practices for IT security hardware and software, including Firewalls, IDS/IPS, Application and Content URL Filtering, VPN, Authentication, and Encryption.

- Proven track record in developing, managing, and implementing effective information security policies, procedures, and frameworks, as well as successfully implementing solutions to enforce them.

- At least one professional/industry certification : CISSP preferred, CISM, CISA, CIPP, CIPT, CRISC.

Soft Skills :.

- Excellent written and verbal communication skills, with the ability to communicate information security and risk-related concepts to both technical and non-technical audiences.

- Self-disciplined with a high level of personal integrity, credibility, and the ability to professionally handle confidential matters and any conflicts with appropriate judgment and maturity.

- A critical thinker with proven analytical ability to solve complex business and technical problems.

- Highly articulate with outstanding interpersonal, written, and verbal communication skills, along with a strong executive presence.

- Proven ability to work and deliver in a fast-paced environment with multiple/competing priorities, requiring strong project management and swift decision-making capabilities.

- Ability to effectively communicate at all levels, from executive leadership to individual contributors.

Company Overview :

As a fintech leader, Vervent sets the global standard for outperformance by delivering superior expertise, future-built technology, and meaningful services.

We support our industry-leading partners with primary strategic services and our goal is to empower companies to accelerate business, drive compliance, and maximize service.

Founded in 1986, purchased by current CEO, David Johnson, in 2008 Privately owned by Stone Point Capital, Vervent Management and other passive investors.

Lines of Business :.

Primary Servicing - Loan, Credit Card & Lease.

Capital Markets Services - Backup Servicing, Verifications,.

Collateral Management, Structured Settlements, etc.

Credit Card Programs - within the Vervent Card Division we offer a) Captive Credit Card Programs (secured and unsecured) b) Managed Card Services.

Global Service Operations supports all divisions to facilitate servicing and card program management Clients include consumer and small business "marketplace" lenders, finance companies, leasing companies, insurance companies, captive finance companies, alternative capital providers, consumers and banks Vervent services ~$150 billion in assets as a primary and backup servicer.

It also manages ~1 million consumer credit cards.

Locations : San Diego, Baja, Portland, Sioux Falls, Philippines, India.