EVP Cyber Security
VISTRA
Job Description
It’s never been a more exciting time to join Vistra. At Vistra our purpose is progress. We believe that our clients have the power to change the world and to do great things for global progress, and we exist to remove the friction that comes from the complexity of global business – to help our clients achieve progress without friction.
But progress only happens when people come together and take action. And we’re absolutely committed to building a culture where our people can do just that.

Role Purpose

Vistra is a global provider of corporate, fund, and capital markets services operating across highly regulated jurisdictions. The EVP of Cyber Security will be accountable for defining, leading, and continuously strengthening Vistra’s global enterprise-wide cyber security strategy, ensuring the protection of client data, digital platforms, intellectual property, and business operations across all regions. This role will lead Vistra’s global cyber security capability, embedding security-by-design, driving cyber resilience, ensuring regulatory compliance, and acting as a trusted advisor to the Executive Committee and Board on cyber risk, investment priorities, and incident readiness.

Key Accountabilities:

1. Cyber Security Strategy & Governance
- Define and execute Vistra’s global cyber security strategy and multi-year roadmap, aligned to business growth, digital transformation, and regulatory obligations.
- Establish and maintain a robust information security governance framework, policies, standards, and controls across all markets and operating entities.
- Ensure cyber security is integrated into enterprise architecture, cloud strategy, application development, and third-party ecosystems.

2. Security Operations & Threat Management
- Oversee Vistra’s global Security Operations capabilities, including threat detection, monitoring, vulnerability management, and incident response.
- Implement and optimize enterprise security tooling, including SIEM, EDR, IAM, threat intelligence, and data loss prevention platforms.
- Proactively monitor emerging threats, including dark web exposure, credential compromise, and data leakage risks, taking preventative and corrective actions.

3. Risk, Compliance & Regulatory Alignment
- Lead Vistra’s cyber risk management framework, maintaining a comprehensive enterprise cyber risk register.
- Ensure compliance with applicable regulations and standards, including but not limited to:
  - ISO 27001 / NIST frameworks
  - GDPR and global data protection regimes
  - MAS, HKMA, FSA and other relevant financial services regulators
  - India DPDP Act and regional privacy requirements
- Own cyber security audits (internal and external) and regulatory examinations.

4. Security Architecture & Engineering
- Embed security-by-design and zero trust principles across infrastructure, cloud platforms, applications, and data environments.
- Oversee identity and access management, encryption standards, and secure integration of third-party and SaaS platforms.
- Partner closely with Enterprise Architecture, Infrastructure, Cloud, and Application teams to ensure resilient system design.
- Ensure that AI tools, services and platforms are secure, protected against malicious code injection, and meet the necessary data control guardrails the team defines.

5. Privacy & Trust
- Ensure that Data Privacy standards are created and maintained, and that guardrails and platform controls are in place to secure Vistra's employee and customer data.
- Ensure that the appropriate tools and services exist to keep the organization compliant.
- Set governance and controls across the group to ensure that the organisation functions within the defined operating parameters.
- Ensure that customer-facing products and services in the Vistra Digital portfolio are secure and data is protected.

6. Business Continuity, Resilience & Incident Readiness
- Own Vistra’s cyber resilience strategy, including disaster recovery and cyber incident response plans.
- Lead regular tabletop exercises, simulations, and crisis readiness testing involving executive stakeholders.
- Establish clear crisis communication protocols for cyber incidents, including regulatory and client communications.

7. Leadership & Culture
- Build, lead, and scale a high-performing global cyber security organisation, including regional security leadership where required.
- Drive enterprise-wide cyber awareness and risk culture, ensuring accountability across business and technology teams.
- Provide clear, concise reporting and insights to Executive Committee and Board-level forums.

8. Vendor & Stakeholder Management
- Lead relationships with managed security service providers, consulting partners, and technology vendors.
- Evaluate emerging cyber security technologies and recommend investment priorities.
- Act as a trusted advisor to senior leaders on cyber risk trade-offs in a fast-scaling, digitally enabled organisation.

Jobs To Be Done:

The EVP of Cyber Security is accountable for delivering the following critical outcomes on behalf of Vistra:

1. Protect Vistra’s Clients, Data, and Trust
- Ensure Vistra’s client data, platforms, and digital services are secure, resilient, and trusted across all jurisdictions.
- Reduce the likelihood and impact of cyber incidents that could compromise client confidentiality, regulatory standing, or brand reputation.

2. Make Cyber Risk Visible and Actionable for Executives and the Board
- Translate complex cyber threats and vulnerabilities into clear, business-relevant risk insights for Executive Committee and Board decision-making.
- Provide confidence that cyber risks are understood, prioritised, and actively managed in line with Vistra’s risk appetite.

3. Enable Growth and Digital Transformation Securely
- Ensure cyber security enables, rather than constrains, Vistra’s growth, acquisitions, and digital transformation agenda.
- Embed security-by-design into new platforms, cloud migrations, automation, and third-party integrations so innovation can scale safely.

4. Maintain Regulatory Confidence Across All Markets
- Ensure Vistra consistently meets and evidences compliance with global and local cyber, data protection, and financial services regulations.
- Be the accountable owner for demonstrating strong cyber governance to regulators, auditors, and external stakeholders.

5. Ensure Readiness for Cyber Incidents and Crisis Scenarios
- Prepare Vistra to respond decisively, consistently, and confidently to cyber incidents when they occur.
- Ensure executive leadership understands their roles in a cyber crisis and that response, communication, and recovery actions are rehearsed and effective.

6. Build a Sustainable, High-Performance Global Cyber Capability
- Design and lead a cyber security organisation that is fit for scale, regionally appropriate, and capable of operating 24/7 in a global business.
- Develop talent, succession, and operating models that reduce dependency on individuals while increasing maturity and resilience.

7. Create a Culture of Shared Accountability for Cyber Security
- Shift cyber security from a “technology function” to a shared enterprise responsibility across business, operations, and IT.
- Increase cyber awareness, ownership, and good security behaviours at all levels of the organisation.

Key Requirements:
- Bachelor’s degree in Cyber Security, Computer Science, Information Systems, or related discipline (Master’s preferred).
- 15+ years experience across information security and cyber security roles.
- 8+ years in senior leadership roles with global, multi-region accountability.
- Proven experience building and leading enterprise-scale cyber security programs.
- Deep knowledge of NIST, ISO 27001, CIS Controls, and modern security architectures.
- Strong experience securing cloud and hybrid environments (AWS, Azure, GCP).
- Demonstrated experience operating in highly regulated, multi-jurisdiction environments.
- Professional certifications such as CISSP, CISM, CRISC, CISA.
- Experience leading cyber security transformations in complex, services-driven organisations.
- Prior Board-level reporting and regulatory engagement experience.
- Strong executive presence with the ability to translate technical risk into commercial and operational impact.

Company Benefits:

At our Vistra GSC office, we believe in putting our employees’ well-being first! We offer a hybrid working arrangement.
Additionally, we provide attractive insurance benefits, excellent job exposure and career prospects. If you are excited about working with us, we encourage you to apply or have a confidential chat with one of our Talent Acquisition team members. Our goal is to make this a great place to work where all our people can thrive.
We hope you join us on this exciting journey!