Chief Information Security Officer
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The Chief Information Security Officer will define the overall strategy and direction for the global Information Security and Disaster Recovery programs. This individual will be responsible for ensuring the confidentiality, integrity and availability of our information and preventing damage to our brand/reputation. This individual will also ensure continued compliance with applicable client/regulatory audits and communicate major risks to executive management. A large part of this role will be spent directly working with and areas of the business and technology teams. This position is based in our Chicago office.
Responsibilities:
• Set strategic direction for global Information Security (security operations, application security, IT risk/compliance), Privacy and Disaster Recovery programs in 27 countries
• Set security direction for public cloud transition
• Regularly interface with major clients, governmental agencies and internal business leaders on information security program
• Lead the privacy and security advisory council responsible for reviewing and making decisions on enterprise risk
• Regularly present security and disaster recovery roadmaps, risks and metrics to executive management
• Align security program to best practice frameworks and standards – ISO 27000 series, NIST SP800 series, COBIT, etc.
• Achieve audit certifications for major products and strategic initiatives related to SSAE 16/18 SOC1, SOC2, PCI-DSS and Sarbanes Oxley (SOX)
• Secure and protect information processed by our applications and infrastructure
• Partner with the business to solve security problems in a meaningful and non-disruptive way
• Manage and maintain information security budget
• Create world class monitoring and detection capabilities
• Perform other duties as required
Requirements:
• A bachelor’s degree in computer science, engineering, mathematics or a related discipline
• 12+ years’ experience in Information Security or related discipline
• Experience with public cloud security, platforms and services
• Highly technical background with a hands on leadership style
• Strong understanding of common industry best practices (e.g. ISO 27000 series, NIST SP 800 series, PCI, SOC 2, etc.)
• Ability to understand business drivers and integrate these requirements into overall security architecture and design
• Excellent communication skills and the ability to manage multiple projects simultaneously
• CISA, CISSP certification is a plus
• Must be willing to work extended hours
001_MstarInc Morningstar Inc. Legal Entity