SVP, Head of Security Technology
Berkley Technology Services · Wilmington, Delaware, United States · 1 wk ago
Information TechnologyFull-time
Responsibilities
- Report to the CISO and lead the strategic execution across a team of security directors, managers, architects, engineers and analysts across multiple security technology disciplines.
- Security Architecture:
- Define enterprise security architecture strategy, standards, and roadmaps.
- Embed secure-by-design principles across cloud, applications, data, and AI.
- Establish reusable design patterns and reduce exception-based approvals.
- Integrate security into transformation and modernization efforts.
- Lead Zero Trust security architecture strategy and adoption across identity, network, application, and data layers.
- Establish reference architectures for multi-cloud and hybrid environments, including CNAPP, CIEM, and data protection controls.
- Security Engineering:
- Lead engineering and lifecycle management of security platforms and controls.
- Standardize tooling and reduce manual processes through automation.
- Improve platform resilience, telemetry, and service performance.
- Transition to a product and platform-based security engineering model with defined service ownership, SLAs, and performance metrics.
- Drive rationalization of security tools and vendors to reduce cost and complexity while improving capability coverage.
- Identity and Access Management (IAM):
- Lead and own overarching IAM strategy and lifecycle governance, including provisioning (joiners), access changes (movers), de-provisioning (leavers).
- Enhance user access reviews and certifications.
- Implement, enhance and automate segregation of duties (SoD) monitoring and governance.
- Design and implement role and entitlement management capabilities.
- Enable access-related compliance and audit readiness in preparation for continuous control monitoring and assessment in alignment with Governance Risk and Control Function.
- Integrate IAM with HR, applications, and enterprise platforms.
- Enhance privileged access management and management of non-human identities in preparation for advanced agentic AI capabilities.
- Advance privileged access, machine identity, and non-human identity security in support of automation, cloud, and AI use cases.
- Implement identity-centric Zero Trust controls and continuous authentication models.
- Continuous Threat and Exposure Management (CTEM):
- Transform vulnerability, attack surface, and application security into a unified CTEM function.
- Implement continuous, threat-informed prioritization of exposures.
- Align findings to asset criticality and business risk.
- Improve remediation effectiveness and reduce exploitable attack paths.
- Enhance asset visibility, ownership clarity, and dependency mapping.
- Partner with Security Operations and Security Incident and Response functions to coordinate a unified approach across teams.
- Define measurable outcomes such as reduction in attack surface, time-to-remediation, and control effectiveness.
- AI and Automation Enablement:
- Deploy AI and analytics to improve prioritization and decision-making.
- Automate repetitive security processes and control validation.
- Enhance reporting, telemetry, and audit evidence generation.
- Partner with Head of Security AI to establish secure AI lifecycle practices, including model governance, data protection, prompt security, and third-party AI risk management.
- Partner with Head of Security Operations to leverage AI to enhance threat detection, anomaly identification, and predictive risk analytics.
- DevSecOps and Secure Development:
- Embed security into the software development lifecycle (SDLC), CI/CD pipelines, and developer workflows.
- Partner with engineering teams to implement scalable DevSecOps practices and developer-friendly security tooling.
- Operating Model, Leadership And Other Requirements:
- Establish a global operating model with clear accountability, service ownership, and capability maturity roadmaps.
- Develop business cases tied to measurable risk reduction, operational efficiency, and cost optimization.
- Partner with executive leadership and provide board-level reporting on security posture, risk trends, and investment impact.
- Technology first leader with very strong interpersonal skills with demonstrated ability to build and maintain strong relationships and partnerships vertically and horizontally across a mix of business, technology, legal, HR, risk and audit leaders and practitioners.
- Define core requirements that evidence demonstrable risk reduction and can be measured using KPIs/KRIs in conjunction with the metrics and analytics program.
- Drive roadmap, investment prioritization, and tool rationalization.
- Drive budgetary discipline through management of finances, including the build of defendable business cases.
- Lead and develop high-performing, multi-disciplinary teams in a positive and respectful capacity leading to high engagement across all disciplines.
- Organically improve the security posture of the organization by ensuring the incorporation of secure principles into every phase of the design, development, deployment, and operation of systems and solutions.
- Absorb and provide top-level support as needed on security and operational related issues.
- Represent information security interests on various project teams and special assignments as directed.
- Provide top-level on-call support as required for this type of role, which is factored into the compensation for this role.
- Partner with Security Operations and Incident Response to improve cyber resilience, recovery readiness, and crisis response integration.
- Ensure alignment with enterprise risk management and regulatory expectations through continuous control monitoring.
Qualifications
- 1 5 + years’ experience in a cybersecurity role with at least 5 as head of senior most security architect.
- Previous and progressive experience in a technical security leadership position.
- Demonstrated experience modernizing security organizations (tool consolidation, automation, operating model redesign).
- Strong expertise in cloud-native security, Zero Trust, IAM, and CTEM practices.
- Experience integrating cybersecurity with AI/ML technologies and governance frameworks.
- Strong strategic thinking and decision-making capabilities.
- Track record of delivering measurable improvements in risk reduction, efficiency, and security posture.
- Disciplined thinker with structured approach to security architecture and strategic planning.
- Inherent intellectual capability and curiosity to learn complex processes.
- Proven thought leadership, strategic thinking and decision-making.
- Prominent analytical and problem-solving skills with the capability to identify solutions to unusual and complex problems.
- CISSP certification is strongly preferred.
- Direct security related AI, networking , infrastructure , cloud, operating system, development , cloud, database experience is required.
- Must be able to demonstrate proficiency in a wide range of security technologies, embedded security, and network platforms – in a global institution.
- Ability to balance multiple priorities in high pressure situations.
- Project , portfolio and resource management experience is required.
- Willingness to travel (Domestic and International) as required, but not to exceed 30–40%.