InfoSec Policy Management & Compliance Head

Why USAA?

At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families.

Embrace a fulfilling career at USAA, where our core values – honesty, integrity, loyalty and service – define how we treat each other and our members. Be part of what truly makes us special and impactful.

The Opportunity

As a dedicated InfoSec Policy Management & Compliance Head, you will demonstrate strategic cyber security thought leadership and applies technical subject-matter-expertise to produce innovative information security and cyber security solutions towards complex work deliverables. Leads broad functional and enterprise projects and participates as a subject-matter-expert on key enterprise and portfolio level initiatives. Anticipates, identifies, and solutions information security and cyber security countermeasures to threats stemming from emergent technologies and business activities. Uses depth and breadth of distinct technical knowledge and experience to research, architect, influence, and integrate highly complex information security and cyber security solutions into technology initiatives aligned to USAA's mission, brand, and strategic priorities.

We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in one of the following locations: San Antonio, TX, Plano, TX, Phoenix, AZ, Colorado Springs, CO, Charlotte, NC, Chesapeake, VA or Tampa, FL. Relocation assistance is available for this position.

What you'll do:

• Serves as a system engineer, anticipates operational inefficiencies and potential information security risks, and drives solutions architecture for large complex systems or networks, with a focus on handling vulnerabilities and reducing risk of system and/or asset compromises.

• Leads the design of secure scalable infrastructure across multiple domains and portfolios including the creation and enforcement of the standards for system change across USAA.

• Reserves execution for the most complex implementations, influences service delivery and maintenance task automation across multiple domains and drives monitoring and tooling at the portfolio level.

• Serves as a trusted advisor and leads multi-functional, matrixed delivery teams across a variety of technical domains to solve highly complex and high value Information Security related business problems and decrease the time to market of critical business decisions that impact the overall security posture and health of USAA.

• Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk.

• Oversees risk and compliance self-assessments and leads internal and external risk and compliance assessments.

• Collaborate with external regulators to represent USAA in discussions regarding their specific information security technical domains.

• Collaborates with and influences senior level executive leaders on the most appropriate and feasible approach for handling information security-based risk and compliance issues.

• Analyzes and oversees the development of information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security use and operation of information systems.

• Owns operational information and cyber security decisions across USAA including identifying, planning, and applying advanced security concepts and principles.

• Builds prototypes and proofs of concept to demonstrate feasibility for new, emerging and innovative security technologies, and influences enterprise prioritization for implementation.

• Anticipates and translates business and security objectives into achievable controls, including developing and overseeing the technical implementation of those controls.

• Leads, mentors and inspires USAA Information Security experts while raising the security quotient of technology teams, senior leadership, executives and business partners.

• Actively seeks opportunities to advance professional development through participation in industry organizations, writing security publications, pursuing educational opportunities, establishing personal networks and participating in professional societies and publications.

• Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures.

What you have:

• Bachelor’s Degree in Information Security, Information Technology, Computer Science, Information Systems/Management or related field; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree.

• 10 years of related experience in Information Security, Cybersecurity and/or Information Technology in a large organization, major consulting firm or US military.

• 6 years’ experience leading highly complex portfolios, programs or projects in Information Security, Cybersecurity and/or Information Technology with accountability for ensuring compliance with federal/state/regulatory information security and risk management policies, standards, and guidelines.

• 4 years’ of demonstrated technical leadership and/or leading teams required with deep knowledge in one or more information security domains, e.g.: Identity Protections, Data Protections, Infrastructure Protections, or Monitoring and Response.

• Advanced knowledge of emerging and/or evolution of existing security technologies.

• Mastery of complex system and environment analysis, design, optimization, and hardening.

• Demonstrated ability to understand and integrate enterprise level goals, objectives, and requirements into the security decisioning process.

• Deep technical knowledge, expertise and practical application experience required in successfully applying Information Security and/or Cybersecurity theories, techniques and/or technologies to a financial services and/or business operations environment.

• Extensive experience in delivering modern security infrastructure solutions to support and enable the organization, this includes support of new applications of technology, and Information Technology business models in support of emerging workforce needs.

• Mastery of Information Security and/or Cybersecurity consulting skills to include gathering and synthesizing business and technical requirements and communicating and/or facilitating constructive opportunities to a variety of audience levels and without direct authority.

• Exceptional relationship management building skills which includes the ability to effectively collaborate, communicate and develop high trust relationships across all levels of an organization, to include senior level executive leaders.

• Extensive experience explaining and influencing complex technology decisions to both technical and nontechnical audiences at all levels in the organization and with multi-functional and enterprise teams.

• Advanced solutions engineering and troubleshooting skills as well as deep experience with and knowledgeable of secure architectures, engineering, and design principles.

What sets you apart:

• 10+ years of hands-on experience leading teams - developing and handling InfoSec policies, standards, and other program documents e.g. WISP to align with Industry standards, as well as governance of approvals and exceptions.

• Experience in building and handling a reference library of requirements driving the InfoSec program, including reference to standards, regulations, control.

• Experience in conducting regulatory assessment (e.g. GLBA, NYDFS, HIPAA, DORA etc.) and conducting InfoSec program maturity assessments using industry standard benchmarking frameworks e.g. FFIEC, CRI by examining applicable InfoSec control design and operating effectiveness.

• Experience building strong working partnerships with IT teams, 2nd and 3rd Line Of Defense teams.

• Experience with other InfoSec governance risk and compliance functions, and Operational functions (e.g. Access Management, Data Protection, Cyber Operations etc.) is a strong plus.

• Strong people and function leadership, and excellent communication and presentation skills.

Compensation range: The salary range for this position is: $189,370.00 - $361,950.00.

USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.).

Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location.

Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors.

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.

Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals.

For more details on our outstanding benefits, visit our benefits page on USAAjobs.com.

Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting.

USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.