Jobs · Information Technology · Delaware

SVP, Head of Security Technology

Berkley Technology Services · Wilmington, Delaware, United States · 1 wk ago
Information TechnologyFull-time

Responsibilities

  • Report to the CISO and lead the strategic execution across a team of security directors, managers, architects, engineers and analysts across multiple security technology disciplines.
  • Security Architecture:
    • Define enterprise security architecture strategy, standards, and roadmaps.
    • Embed secure-by-design principles across cloud, applications, data, and AI.
    • Establish reusable design patterns and reduce exception-based approvals.
    • Integrate security into transformation and modernization efforts.
    • Lead Zero Trust security architecture strategy and adoption across identity, network, application, and data layers.
    • Establish reference architectures for multi-cloud and hybrid environments, including CNAPP, CIEM, and data protection controls.
  • Security Engineering:
    • Lead engineering and lifecycle management of security platforms and controls.
    • Standardize tooling and reduce manual processes through automation.
    • Improve platform resilience, telemetry, and service performance.
    • Transition to a product and platform-based security engineering model with defined service ownership, SLAs, and performance metrics.
    • Drive rationalization of security tools and vendors to reduce cost and complexity while improving capability coverage.
  • Identity and Access Management (IAM):
    • Lead and own overarching IAM strategy and lifecycle governance, including provisioning (joiners), access changes (movers), de-provisioning (leavers).
    • Enhance user access reviews and certifications.
    • Implement, enhance and automate segregation of duties (SoD) monitoring and governance.
    • Design and implement role and entitlement management capabilities.
    • Enable access-related compliance and audit readiness in preparation for continuous control monitoring and assessment in alignment with Governance Risk and Control Function.
    • Integrate IAM with HR, applications, and enterprise platforms.
    • Enhance privileged access management and management of non-human identities in preparation for advanced agentic AI capabilities.
    • Advance privileged access, machine identity, and non-human identity security in support of automation, cloud, and AI use cases.
    • Implement identity-centric Zero Trust controls and continuous authentication models.
  • Continuous Threat and Exposure Management (CTEM):
    • Transform vulnerability, attack surface, and application security into a unified CTEM function.
    • Implement continuous, threat-informed prioritization of exposures.
    • Align findings to asset criticality and business risk.
    • Improve remediation effectiveness and reduce exploitable attack paths.
    • Enhance asset visibility, ownership clarity, and dependency mapping.
    • Partner with Security Operations and Security Incident and Response functions to coordinate a unified approach across teams.
    • Define measurable outcomes such as reduction in attack surface, time-to-remediation, and control effectiveness.
  • AI and Automation Enablement:
    • Deploy AI and analytics to improve prioritization and decision-making.
    • Automate repetitive security processes and control validation.
    • Enhance reporting, telemetry, and audit evidence generation.
    • Partner with Head of Security AI to establish secure AI lifecycle practices, including model governance, data protection, prompt security, and third-party AI risk management.
    • Partner with Head of Security Operations to leverage AI to enhance threat detection, anomaly identification, and predictive risk analytics.
  • DevSecOps and Secure Development:
    • Embed security into the software development lifecycle (SDLC), CI/CD pipelines, and developer workflows.
    • Partner with engineering teams to implement scalable DevSecOps practices and developer-friendly security tooling.
  • Operating Model, Leadership And Other Requirements:
    • Establish a global operating model with clear accountability, service ownership, and capability maturity roadmaps.
    • Develop business cases tied to measurable risk reduction, operational efficiency, and cost optimization.
    • Partner with executive leadership and provide board-level reporting on security posture, risk trends, and investment impact.
    • Technology first leader with very strong interpersonal skills with demonstrated ability to build and maintain strong relationships and partnerships vertically and horizontally across a mix of business, technology, legal, HR, risk and audit leaders and practitioners.
    • Define core requirements that evidence demonstrable risk reduction and can be measured using KPIs/KRIs in conjunction with the metrics and analytics program.
    • Drive roadmap, investment prioritization, and tool rationalization.
    • Drive budgetary discipline through management of finances, including the build of defendable business cases.
    • Lead and develop high-performing, multi-disciplinary teams in a positive and respectful capacity leading to high engagement across all disciplines.
    • Organically improve the security posture of the organization by ensuring the incorporation of secure principles into every phase of the design, development, deployment, and operation of systems and solutions.
    • Absorb and provide top-level support as needed on security and operational related issues.
    • Represent information security interests on various project teams and special assignments as directed.
    • Provide top-level on-call support as required for this type of role, which is factored into the compensation for this role.
    • Partner with Security Operations and Incident Response to improve cyber resilience, recovery readiness, and crisis response integration.
    • Ensure alignment with enterprise risk management and regulatory expectations through continuous control monitoring.

Qualifications

  • 1 5 + years’ experience in a cybersecurity role with at least 5 as head of senior most security architect.
  • Previous and progressive experience in a technical security leadership position.
  • Demonstrated experience modernizing security organizations (tool consolidation, automation, operating model redesign).
  • Strong expertise in cloud-native security, Zero Trust, IAM, and CTEM practices.
  • Experience integrating cybersecurity with AI/ML technologies and governance frameworks.
  • Strong strategic thinking and decision-making capabilities.
  • Track record of delivering measurable improvements in risk reduction, efficiency, and security posture.
  • Disciplined thinker with structured approach to security architecture and strategic planning.
  • Inherent intellectual capability and curiosity to learn complex processes.
  • Proven thought leadership, strategic thinking and decision-making.
  • Prominent analytical and problem-solving skills with the capability to identify solutions to unusual and complex problems.
  • CISSP certification is strongly preferred.
  • Direct security related AI, networking , infrastructure , cloud, operating system, development , cloud, database experience is required.
  • Must be able to demonstrate proficiency in a wide range of security technologies, embedded security, and network platforms – in a global institution.
  • Ability to balance multiple priorities in high pressure situations.
  • Project , portfolio and resource management experience is required.
  • Willingness to travel (Domestic and International) as required, but not to exceed 30–40%.

Similar jobs

Head of Security & IT

ProtegeUnited States· 2 mo ago
RemoteInformation Technologyapply on jobs.ashbyhq.com