Information Security Director - Governance and Risk (Hybrid- Onsite)

Company Summary

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for eight consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

Job Summary

Reporting to the Deputy CISO, the candidate will be responsible for assessing and reporting on Information Security and Technology risk management related activities.  Manages three teams: Audit Management, ServiceNow Governance Risk and Compliance Product Management, and Controls Governance. Responsible for developing, designing, and implementing Information Security Governance and Risk program initiatives.

This role is hybrid in office two days a week in Santa Ana, CA.

Essential Functions

• Oversees the development and execution of the self-assessment program to evaluate areas of risk or concern based on regulatory, customer, internal and best practice requirements across the enterprise.
• Advise management on the design and implementation of control activities that reduce risk, add value, and mature the control environment.
• Oversees the maturation of the ServiceNow Governance, Risk and Compliance tool and supporting KPI/KRI dashboards to facilitate risk prioritization and articulation for the enterprise.
• Oversee the Information Security response for hundreds of audits from various sources including external audit (SOX/SOC2), Internal Audit, regulators, and customers. 
• Facilitate Information Security SOX and SOC2 reporting for the enterprise.
• Maintain an understanding of changes in regulatory landscape impacting the business and IT.
• Provide excellent customer service in support of program activities.
• Develop and maintain an ongoing relationship with control owners and key stakeholders including Information Security, IT, business lines, Internal Audit, and external third parties.
• Oversee the maintenance and update of the Governance and Risk program documents
• Provide subject matter expertise and guidance for Information Security policies and standards.
• Supports the facilitation of the annual Information Security and Technology risk assessment.
• Responsible for all Governance & Risk program deliverables.
• Manages technical professionals (typically skilled exempt level employees) who have responsibility for operations and project outcomes. Provides direct and indirect supervision of teams.
• Sets priorities on daily operations, provides input to, and administers cost center spending, participates in long-range departmental planning, recommends control methodologies and frameworks.
• Authorizes projects, approves project designs and cost estimates. Reports projects’ status and critical issues to Information Security senior management.
• Sets objectives and priorities and ensures the effective allocation and use of department resources.
• Develops and administers department budget with input from work group managers.
• Develops long-range plan for the department and is a key participant in strategic planning for the Information Security function. Translates strategic goals and priorities into technical strategies and objectives for his/her department.
• Introduces best practices and ensures the timeliness, quality, and consistency of his/her department’s delivery of products and services.
• Coordinates activities and efforts among different internal organizational groups, customers, and vendors.
• Prepares and maintains job descriptions for positions that report to him/her.
• Writes and conducts performance reviews, provides ongoing performance feedback. Establishes salary budget and approves salary increases. Makes hiring decisions.
• Frequently interfaces with executives inside and outside the company to make operational and project-related decisions, to resolve critical issues, to gather industry and competitive information and to foster a productive professional network.
• Required to perform duties outside of normal work hours based on business needs.

Knowledge and Skills/Technology Used

• Leadership: Ability to communicate function vision and establish aligned direction and goals for his/her department. Obtains and effectively allocates resources. Creates systems to measure results. Has in-depth understanding of competitor, financial and industry dynamics. 
• Teamwork: Ability to establish and maintain effective working relationships at the senior management level across functional groups and business units. Ability to change the thinking of, or gain acceptance from, others in sensitive situations, using influence and preventing damage to the relationship. Actively recruits, retains, and develops talent and holds employees accountable for results. Translates vision into action, leads change, and inspires people to get results.
• Integrity: Deals with others in an honest manner, assures adherence to company policies, and addresses questionable business practices.
• Service: Drives and models customer loyalty, manages customer expectations, uses customer feedback to establish department goals, and ensures commitments are met.
• Commitment: Successful track record designing, developing, and executing critical complex projects in more than one area of functional expertise. Provides others with reliable information, delivers informative and persuasive presentations. Uses good listening skills and negotiates effectively.

Typical Education

• BA/BS degree in Computer Information Systems, Computer Science or equivalent experience is required. Training courses, seminars, certifications, or other security related education experience preferred

Typical Range of Experience

• 5+ years of technical experience as a senior contributor
• 8+ years of management experience in a similar technical and business environment

License or Certification

• CISSP (Certified Information Systems Security Certified Professional) preferred

Pay Range: $116,820 - $210,000 annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

First American invests in its employees' development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.