Information Security Officer - Global Technology Services, Vice President

The Vice President, Infrastructure Security Officer is accountable for providing enterprise‑level cyber risk leadership across infrastructure platforms, including on‑premises, cloud, and hybrid environments. Operating within the first line of defense, this role partners with infrastructure, technology, and cybersecurity leadership to ensure infrastructure services are secure, resilient, and compliant with regulatory and internal risk standards.

This VP serves as a senior risk advisor and trusted partner to infrastructure owners, influencing architecture, control design, and remediation prioritization while balancing security, operational resilience, and business enablement.

Key Responsibilities

• Provide senior‑level cyber risk oversight for enterprise infrastructure platforms, including compute, storage, network, virtualization, identity, and cloud services.
• Act as the primary cybersecurity risk partner to infrastructure and platform executives, advising on design decisions, material change initiatives, and risk acceptance.
• Drive consistent application of security‑by‑design and resilience principles across infrastructure strategy, architecture, and lifecycle processes.
• Lead infrastructure cyber risk assessments, control gap analysis, and risk prioritization aligned to enterprise risk appetite and regulatory expectations.
• Oversee execution and tracking of material risk remediation efforts across infrastructure domains, ensuring transparency and escalation where required.
• Provide leadership during infrastructure‑related cyber incidents, including decision support, impact assessment, and post‑incident improvements.
• Partner with global cybersecurity functions to influence standards, patterns, and tooling related to infrastructure security (e.g., vulnerability management, IAM, logging, cloud security).
• Present infrastructure cyber risk, trends, and material issues to senior management and governance forums in clear business‑relevant terms.

Required Qualifications

• Significant experience in infrastructure cybersecurity or technology risk leadership within large, complex enterprises, preferably in regulated financial services environments.
• Strong understanding of enterprise infrastructure architectures and associated security risks across on‑prem, cloud, and hybrid models.
• Proven ability to lead risk‑based decision‑making, including control design, remediation prioritization, and risk acceptance discussions at senior levels.
• Demonstrated success influencing senior infrastructure and technology stakeholders without direct line authority.
• Strong communication skills, with experience translating technical infrastructure risk into business and regulatory impact.
• Senior‑level experience with public cloud security (AWS, Azure, and Oracle) and cloud governance models.
• Familiarity with infrastructure automation and DevOps/IaC from a security and control perspective.
• Experience operating within regulatory or industry frameworks (e.g., NIST, ISO, DORA, FFIEC).
• Background supporting large‑scale infrastructure transformation initiatives (e.g., data center exit, cloud migration, resilience uplift programs).
• Fluency in English required, Mandarin proficiency highly desirable.

Key Attributes

• Executive presence with strong risk ownership mindset
• Pragmatic, outcome‑focused approach to security and resilience
• Trusted advisor capable of constructively challenging design and delivery decisions
• Comfortable operating in highly regulated, high‑visibility environments

Salary Range

$120,000 - $217,500 Annual

Equal Employment Opportunity

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.