VP of Cybersecurity & Information Security
Mariner Finance · Eagan, MN · 1 wk ago
On-siteInformation Technology$160k/yrFull-time
About the role
Join Mariner Finance! Since 1927, the Mariner Finance family of companies has provided customers with creative, flexible, and convenient lending options. Headquartered in Baltimore, Mariner Finance operates coast-to-coast with physical locations in over half the states. With a growing number of employees, superior customer service remains the cornerstone of our business, and we pride ourselves in delivering a variety of loans with an enhanced focus on exceptional service. We work with customers to find options that are beneficial to their specific needs, which is why we are recognized by our customers as one of the community’s consumer finance companies of choice.
Responsibilities
- Lead and manage Cybersecurity and Information Security functions, including Security Engineering & Operations and IT Risk & Compliance.
- Serve as a key advisor to senior leadership on matters of strategic and operational security importance, influencing decision-making and driving proactive initiatives that strengthen the company’s security posture, risk management practices, regulatory compliance, and business resilience.
- Develop and execute Cybersecurity and Information Security strategies aligned with business goals, risk appetite, regulatory requirements, and the evolving threat landscape.
- Build and operate a metric-driven Cybersecurity and Information Security organization, defining KPIs that measure risk reduction, control effectiveness, operational performance, incident response, identity security, cloud security, and compliance posture.
- Oversee security engineering teams responsible for security platforms, tooling, architecture, and integrations across endpoint, network, cloud, identity, and platform environments.
- Manage security operations, including threat monitoring, event detection, incident response, investigations, and continuous improvement of detection and response capabilities.
- Oversee identity security capabilities, including identity and access management, privileged access management, identity governance, Zero Trust initiatives, and privileged access controls.
- Oversee cloud and platform security capabilities, including cloud security architecture, DevSecOps enablement, infrastructure-as-code security, container/runtime security, and partnership on cloud governance.
- Partner with enterprise engineering, development, platform, and technology teams to integrate security into the software development lifecycle, enable secure engineering practices, support shared platform governance, and drive secure-by-design delivery.
- Stay abreast of the evolving threat landscape, emerging attack vectors, and advancements in security technologies, continuously adapting the organization’s security posture.
- Advise technology, development, engineering, and business partners on security best practices, architectural patterns, and risk-based decision-making, providing ongoing oversight and guidance.
- Establish and operate a risk-based cybersecurity program aligned to business priorities, regulatory expectations, and the evolving threat landscape.
- Oversee the IT Risk function, including coordination of security audits, penetration testing, third-party assessments, control validation, and remediation tracking.
- Ensure compliance with regulatory and industry standards, including PCI DSS and ISO 27001, with ownership of audits, control validation, and remediation efforts.
- Drive timely and effective remediation of vulnerabilities, audit findings, control gaps, identity risks, cloud security risks, and security issues across the enterprise.
- Establish and maintain security policies, standards, control frameworks, and governance practices that support business, regulatory, technology, and risk management objectives.
- Implement and enhance continuous monitoring, detection, response, and reporting capabilities to proactively identify and address security risks.
- Lead continual optimization of security technologies, tooling, platforms, and resource utilization to improve effectiveness and reduce cost.
- Drive a bias toward automation and technology-first solutions, reducing manual processes and increasing scalability across Cybersecurity and Information Security functions.
- Leverage automation and AI capabilities to enhance threat detection, accelerate response, improve risk analysis, strengthen security operations, and scale security program capabilities.
- Manage security vendor relationships, contracts, service performance, and cost optimization across tools, services, and third-party providers.
- Provide executive-level reporting on security posture, risks, incidents, identity security, cloud security, control effectiveness, remediation progress, and compliance status.
- Develop and manage the Cybersecurity and Information Security budget, including tools, services, staffing, and vendor spend, optimizing cost efficiency while maintaining or improving program effectiveness.
- Establish strong, business-oriented partnerships across functions, ensuring Cybersecurity and Information Security enables and protects business outcomes and priorities.
- Share knowledge, mentor, and educate stakeholders with regard to the company’s Cybersecurity and Information Security initiatives, opportunities, risks, and challenges.
- Perform additional duties as assigned to support evolving business needs.
Qualifications
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field; applicable years of experience may be substituted for a bachelor’s degree.
- Twelve (12) years of experience in the Information Technology field with significant leadership experience in cybersecurity, information security, or related security functions.
- Three (3) years of managerial experience leading or overseeing Security Operations, Security Engineering, IT Risk, Compliance, Identity Security, Cloud Security, DevSecOps, or related cybersecurity and information security functions, working in capacities with decision-making authority and responsibility for coordinating, delegating, and managing operational activities.
- CISSP, CISM, or an equivalent information security certification.
- Extensive experience managing security technologies, including SIEM, EDR, IAM, PAM, vulnerability management, cloud security, and network security tools.
- Demonstrated experience with identity security capabilities, including identity and access management, privileged access management, identity governance, Zero Trust initiatives, and privileged access controls.
- Demonstrated experience with cloud and platform security capabilities, including cloud security architecture, DevSecOps enablement, infrastructure-as-code security, container/runtime security, and cloud governance partnership.
- Demonstrated ability to partner with enterprise engineering, development, platform, and technology teams to integrate security into the software development lifecycle, support engineering enablement, strengthen shared platform governance, and promote secure-by-design delivery.
- Demonstrated success managing audits, penetration testing programs, and enterprise remediation efforts.
- Experience building and operating incident response and investigation capabilities.
- Proven ability to align cybersecurity and information security strategies, programs, and initiatives with business priorities, risk appetite, regulatory requirements, and measurable outcomes.
- Strong experience with regulatory frameworks and compliance standards, including PCI DSS and ISO 27001.
- Demonstrated financial discipline in managing operational budgets, vendor costs, resource utilization, and cost optimization initiatives.
- Demonstrated success building metric-driven security programs with measurable improvements in risk posture and operational performance.
- Proven ability to support and enhance team performance, promote engagement, and cultivate the professional development of team members.
- Demonstrated proficiency in leading through change, executing on major initiatives, and leading cross-departmental work.
- Strong experience managing vendors, contracts, third parties, service performance, and costs across Cybersecurity, Information Security, and IT Risk functions.
- Ability to work effectively, manage complex projects, and multitask successfully in a dynamic, fast-paced, and complex business environment.
- Strong decision-making and negotiation skills with the ability to use expertise to influence on matters of strategic importance.
- Ability to foster strong relationships, influence, coach, and partner with all levels across the organization.
- Ability to articulate complex information in understandable terms to various audiences.
- Comfortable presenting data to all levels of leadership and across business functions.
- Highest level of reliability, flexibility, and dedication with the ability to adapt quickly to changing priorities and timelines.
- Excellent interpersonal skills necessary to communicate professionally and effectively, verbally and in writing, with regulatory agencies, vendors, customers, and all levels of company staff.