Information Security Officer

New York


Xpansiv®, a trailblazer in the energy and environmental commodities market, operates the integrated, open, and neutral market platform designed to accelerate the global energy transition.  Xpansiv provides thousands of market participants and intermediaries with access to the widest possible range of energy transition markets, through its suite of solutions, including the world’s largest environmental commodities trading platform, where billions of assets cross per year. Xpansiv’s end-to-end technology platform services the entire life cycle of environmental commodities, connecting diverse markets and market participants across the world and enabling stakeholders to deliver transparent and trusted environmental claims to address the growing demand for energy transition. Leveraging its extensive industry knowledge and proven technology portfolio, Xpansiv assists companies seeking to identify and mitigate risk, streamline the management of their environmental assets, and comply with regulations, caps and commitments.
Position Summary:

Xpansiv is looking for an Information Security Officer to join the Global Risk and Compliance team. This role will be key in the future development and execution of the information security program, working directly with the Chief Risk Officer (CRO), CTO, engineers, risk, legal, and the lines of business, as well as with executive management. The ISO will drive and refine the company’s information security strategic goals with responsibility for executing Xpansiv’s information security program. The ISO will set the strategic direction and day-to-day execution of the information security program. The ideal candidate will be able to balance the need to be hands-on and manage a team, as well as partnering with other parts of the organization.

Essential Functions:

  • Responsible for further development and execution of Xpansiv’s information security strategic plan in partnership with the Chief Risk Officer, Chief Technology Officer and other security, business and technology team members.
  • Continue to develop a comprehensive information security program to safeguard Xpansiv. 
  • Propose enhancements to the Information Security policies, standards and procedures. 
  • Update the Information Security Program based on regulatory changes, threats, best practices, business needs and feedback from management. 

Job Requirements:

  • Conduct risk assessments to identify potential changes to the security posture and recommend appropriate ways to address any gaps.
  • Determine acceptable risk levels for Information Security and ensure threats to the company are mitigated in alignment with the company’s risk appetite.
  • Support audits and regulatory exams. Coordinate management's responses to information security-related findings. 
  • Lead responses to customers’ information security inquiries into Xpansiv’s security posture. 
  • Deep knowledge across the security tools and frameworks with an understanding of which work best in different industries and environments.
  • Drive and deliver the development and implementation of the appropriate and effective controls to protect the organization’s assets.  
  • Participate in the preparation of risk assessments to evaluate new technologies, applications, and devices. 
  • Build out the information security awareness training for employees and the Board of Directors with a detailed deep dive for Cyber Security Awareness Month.
  • Support or execute security-related testing as needed for material technology-driven changes. Ensure the remediation teams have sound plans and execute those in a timely manner.
  • Collaborate with the business and/or Information Technology to select appropriate technology vendors that support regulatory requirements and best practices. 
  • Familiarity with key security solutions.  
  • Understanding of international security obligations.  
  • Refine a company-wide data loss prevention program to protect customer and company confidential information. 
  • Provide guidance on projects, new implementations, or upgrades in adherence with the Information Security Program. 
  • Run the Business Continuity Program, which includes working closely with business lines to ensure business impact analyses are comprehensive. This includes running incident response actions and driving follow-up activity to closure.

Other Knowledge, Skills and Abilities:

  • Bachelor's degree in computer science, information systems or equivalent work experience is required. 
  • Industry-standard certification in information security, such as CISSP, CISM, or CRISC, or acquisition within one year of hire.
  • Five years of experience supporting security architectures and applying security best practices across enterprise environments.
  • Highly familiar with cloud-based solutions.
  • Possess excellent analytical, organizational and documentation skills. 
  • Strong knowledge of both cybersecurity and IT risk management programs based on industry recognizable frameworks. 
  • Strong collaboration and communication skills with the ability to tailor messages to the audience.   
  • Equally comfortable working independently as with a team while building and maintaining collegial relationships across the company including with the commercial and technical teams.  
  • Persuasive leader who can serve as an effective member of the management team and is able to communicate security-related concepts to a broad range of technical and non-technical staff. 
  • Practical experience with vulnerability scanning and auditing tools. 
  • Knowledge of DevOps application security. 
  • Experience with cloud security best practices. 
  • Ready to work in a highly dynamic and exciting environment.   
What can you expect throughout the interview process:

  • Step 1 - Shortlisting of resume & Recruiter screening
  • Step 2 - "Get to know you" interview with the hiring manager
  • Step 3 - Meeting with team & key leaders

Base Salary:

Compensation for this role will vary among specific regions due to geographic differentials in the labor market; actual pay will be determined considering factors such as relevant skills and experience, knowledge, education and training. However, the base compensation in New York is expected to be as follows: $250,000 - $270,000

Here at Xpansiv, we cultivate diversity, celebrate individuality, and believe unique perspectives are key to our collective success in building trust and transparency in global efforts toward a net-zero future. Xpansiv is committed to equal employment opportunity regardless of race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, protected veteran status, or any status protected by applicable federal, state, or local law.
Note to Recruiters: Xpansiv does not accept unsolicited resumes or referrals from placement agencies, staffing vendors or other external parties seeking recruiting fees without a signed formal agreement.

Tags: Application security Audits CISM CISSP Cloud Compliance Computer Science CRISC DevOps Incident response Risk assessment Risk management

Perks/benefits: Transparency

Region: North America
Country: United States
