Chief Information Security Officer

Seattle, United States

Russell Investments

We’re a global solutions partner. We manage assets for institutions, advisors and individuals. We're dedicated to improving people's financial security.


Business Unit: Global Technology
Salary Range: $240,000 USD - $300,000 USD

Specific compensation will be based on candidate’s experience, skills, qualifications, commercial considerations, and other job-related factors permitted by law. At Russell Investments, salary is just one part of our compensation package. Our total rewards approach includes an annual performance bonus (subject to eligibility criteria) in addition to participation in our competitive benefits programs including healthcare, retirement, vacation, and wellbeing programs.


Job Description:

The Chief Information Security Officer (CISO) serves as the senior executive responsible for developing and executing the organization’s global information security and cyber risk strategy. Reporting to the CTO and working closely with the Operational Risk and executive leadership team, the CISO ensures the protection of data, systems, applications, and infrastructure across the enterprise.

As a business-aligned and board-facing leader, the CISO will guide the firm’s cybersecurity maturity, direct operational security activities, and foster a security-first culture. The role includes full accountability for cyber governance, incident response, regulatory compliance, data protection, and third-party risk, with emphasis on proactive defense, resilience planning, and secure innovation.

Your Responsibilities

Strategic Leadership & Governance

  • Define and implement a global cybersecurity strategy aligned with business objectives, risk appetite, and regulatory expectations.
  • Serve as the primary advisor to executive leadership and the Board's Risk Committee on cybersecurity posture, key risks, and emerging threats.
  • Develop and oversee a multiyear investment plan for cybersecurity capabilities, technology, staffing, and risk mitigation initiatives.
  • Participate in governance forums and contribute to enterprise risk management (ERM) efforts through integrated cyber risk metrics and dashboards.

Cybersecurity Operations & Threat Management

  • Direct daily operations of the Information Security Office, including threat detection, incident response, security monitoring, and 24/7 SOC oversight.
  • Lead enterprise incident response planning, simulations, forensics, and crisis communications.
  • Manage insider threat and user behavior analytics programs to detect and respond to anomalous activities.
  • Integrate external threat intelligence from sources such as FS-ISAC, law enforcement, and regulatory bodies.

Secure Architecture, Cloud & DevSecOps

  • Ensure the integration of security in technology development via DevSecOps, secure SDLC practices, and code scanning.
  • Lead the security architecture strategy, including secure-by-design principles, Zero Trust adoption, and identity governance.
  • Oversee the protection of cloud-native and hybrid environments across AWS, Azure, and GCP platforms.
  • Ensure appropriate security controls and encryption strategies are applied across applications, APIs, and distributed systems.

Data Security, Privacy & Classification

  • Collaborate with Data Governance and Privacy to implement data classification, protection, and lifecycle strategies.
  • Govern technologies and policies supporting DLP, tokenization, data masking, and breach response.
  • Ensure compliance with global and regional data protection regulations (e.g., GDPR, NYDFS, GLBA, SEC, MAS).

Third-Party & Supply Chain Cyber Risk

  • Lead the end-to-end lifecycle of vendor cybersecurity assessments, onboarding, and continuous monitoring.
  • Implement a scalable third- and fourth-party risk program, including tiering, scoring, and reporting of external service providers.
  • Drive SaaS and cloud service provider due diligence processes and enforce compliance with internal security standards.

Cyber Resilience & Business Continuity

  • Co-lead business continuity planning and recovery efforts for cyber-specific scenarios in alignment with enterprise DR planning.
  • Conduct and refine cyber tabletop exercises involving business, technology, compliance, and board observers.
  • Partner with Internal Audit and Risk to ensure appropriate response and remediation to vulnerabilities and audit findings.

Metrics, Reporting & Performance Management

  • Define and track key performance indicators (KPIs) and key risk indicators (KRIs) for the cybersecurity program.
  • Produce executive-level dashboards and reports for internal leadership and board consumption.
  • Ensure maturity assessments, such as NIST CSF scoring and gap analysis, are conducted regularly.

Talent Development & Culture Building

  • Build, inspire, and lead a high-performing global team of security professionals across disciplines.
  • Promote a firmwide culture of security through ongoing training, phishing simulations, and awareness campaigns.
  • Develop the next generation of cybersecurity leaders and contribute to organizational succession planning.

Innovation & Emerging Tech Oversight

  • Advise on security implications of emerging technologies including artificial intelligence, quantum computing, blockchain, and IoT.
  • Establish governance for the secure adoption of AI/GenAI and maintain alignment with evolving regulatory guidance.

Your Expertise

  • Bachelor’s degree in Cybersecurity, Computer Science, or related discipline; advanced degree (MBA, MIS) preferred.
  • 10+ years of progressive experience in cybersecurity with 5+ years in a senior leadership capacity in a regulated environment.
  • Deep familiarity with financial industry regulations and global security frameworks (NIST, ISO 27001, SOC 2, COBIT).
  • Proven experience managing cybersecurity programs in complex, hybrid environments, including public cloud.
  • Demonstrated success in influencing cross-functional leaders, boards, and external stakeholders.
  • Proficiency in managing budgets, cybersecurity investments, and resource planning.
  • Relevant certifications preferred: CISSP, CISM, CISA, CRISC, CCSP, or equivalent.

Leadership Attributes

  • Strategic and growth-oriented mindset with the ability to anticipate and address complex risks.
  • Transparent communicator, capable of engaging technical and non-technical audiences alike.
  • Resilient and adaptive leader, comfortable with ambiguity and change.
  • High integrity, ethical judgment, and a collaborative style.
  • Demonstrated ability to build trust, attract talent, and foster an inclusive and high-performance culture.

Equal Employment Opportunity

Russell Investments is committed to providing equal employment opportunities for all associates and employment applicants regardless of race, religion, ancestry, creed, color, gender (including gender identity which refers to a person's actual or perceived sex, and includes self-image, appearance, behavior or expression, whether or not different from that traditionally associated with a person's biological sex), age, national origin, citizenship status, disability, medical condition, military status, veteran status, marital status, sexual orientation, past or present unemployment status, or any other characteristic protected by law.


Tags: Analytics APIs Artificial Intelligence AWS Azure Blockchain CCSP CISA CISM CISO CISSP Cloud COBIT Compliance Computer Science CRISC DevSecOps Encryption Forensics GCP GDPR Generative AI GLBA Governance Incident response IoT ISO 27001 KPIs Monitoring NIST Privacy Risk management SaaS SDLC SOC SOC 2 Strategy Threat detection Threat intelligence Vulnerabilities Zero Trust

Perks/benefits: Competitive pay Salary bonus Team events

Region: North America
Country: United States
