JOB PURPOSE:

The Vice President and Chief Information Security Officer provides the guidance and leadership necessary for Rent-A-Center to manage the risks to the confidentiality, integrity, compliance, and availability of the organization's intellectual property, information systems and technology assets. The CISO is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected, and regulatory requirements satisfied. A key element of this role is communicating security at a strategic level to Executive Management, the Audit Committee, and the Board of Directors and evangelizing security across the business to drive adoption of security and compliance best practices.

KEY RESPONSIBILITIES:

• Develop and implement a strategic, long-term information security strategy and roadmap to ensure that Rent-A-Center’s information assets are adequately protected.
• Work with senior leaders across the business to assess and communicate acceptable levels of risk.
• Identify, evaluate, action and report on information security risks, practices and projects to the Executive Committee and the Board of Directors, and provide subject matter expertise on security standards and best practices (e.g. SOX, PCI, etc.).
• Develop, mentor, and manage a high performing staff of information security professionals.
• Chair the cross functional Cyber Security Steering Committee
• Develop the Board’s understanding of security beyond a ‘compliance-only’ view.
• Lead the development of up-to-date information security policies, procedures, standards and guidelines, and oversee their approval, dissemination, and maintenance.
• Ensure that the security management program is in compliance with applicable laws, regulations, and contractual requirements.
• Act as the champion for the enterprise information security program and foster a security-aware culture.
• Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
• Partner with enterprise architects, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.
• Manage regular intrusion detection and vulnerability reporting, internal and external IT audit groups reviews, and the coordination of all required fixes.
• Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time.
• Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
• Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
• Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.
• Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third party risk.
• Oversee the activities of the information security staff to include staffing levels, budgets, financial goals and workflow.
• Builds a shared cyber vision with others and acts as a catalyst of organizational change.
• Able to navigate and contribute to Rent-A-Center’s dynamic officer community, challenging where appropriate for the success of Rent-A-Center and our customers.
• Drives a culture of community and inclusion across IT and the greater organization.
• Advances RAC’s Mission of “Improving the quality of life for our coworkers and our customers.”
• Ensuring the company’s technological processes and service comply with all requirements, laws, and regulations.

REQUIREMENTS:

• At least 10 years of experience working in a technology environment
• Experience developing and implementing structure and best practices while maximizing productivity in a fast growing corporate environment.
• Extensive knowledge of business risk, risk assessment and risk-based decision making.
• Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms), including board level.
• A natural influencer and coalition builder; passionate about building high performing teams.
• Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals; an innovative leader, problem solver and consultant.
• Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.
• Excellent written and verbal communication, interpersonal and collaborative skills.
• Experienced with contract and vendor negotiations.
• Ability to effectively prioritize and execute tasks in high-pressure situations.
• Knowledge of security, risk and control frameworks and standards
• Understanding of cloud, SaaS, and IoT architectures, and their implications on information security strategy.
• Technical acumen including but not limited to: OSI, IT infrastructure, cloud, application development languages, tools and frameworks, database technologies, web technologies, next gen mobile, network architecture, enterprise architecture, and directory services.
• Security technology acumen and experience including but not limited to: firewall, intrusion detection, cyber-attack tools and defenses, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity and access management, multi factor authentication.
• Ability to handle confidential matters