Chief Information Security Officer

Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) serves as the senior executive responsible for developing and executing the organization's global information security and cyber risk strategy.

Reporting to the CTO and working closely with the Operational Risk and executive leadership team, the CISO ensures the protection of data, systems, applications, and infrastructure across the enterprise.

As a business-aligned and board-facing leader, the CISO will guide the firm's cybersecurity maturity, direct operational security activities, and foster a security-first culture.

The role includes full accountability for cyber governance, incident response, regulatory compliance, data protection, and third-party risk, with emphasis on proactive defense, resilience planning, and secure innovation.

Your Responsibilities

• Define and implement a global cybersecurity strategy aligned with business objectives, risk appetite, and regulatory expectations.
• Serve as the primary advisor to executive leadership and the Board's Risk Committee on cybersecurity posture, key risks, and emerging threats.
• Develop and oversee a multiyear investment plan for cybersecurity capabilities, technology, staffing, and risk mitigation initiatives.
• Participate in governance forums and contribute to enterprise risk management (ERM) efforts through integrated cyber risk metrics and dashboards.
• Direct daily operations of the Information Security Office, including threat detection, incident response, security monitoring, and 24 / 7 SOC oversight.
• Lead enterprise incident response planning, simulations, forensics, and crisis communications.
• Manage insider threat and user behavior analytics programs to detect and respond to anomalous activities.
• Integrate external threat intelligence from sources such as FS-ISAC, law enforcement, and regulatory bodies.
• Ensure the integration of security in technology development via DevSecOps, secure SDLC practices, and code scanning.
• Lead the security architecture strategy, including secure-by-design principles, Zero Trust adoption, and identity governance.
• Oversee the protection of cloud-native and hybrid environments across AWS, Azure, and GCP platforms.
• Ensure appropriate security controls and encryption strategies are applied across applications, APIs, and distributed systems.
• Collaborate with Data Governance and Privacy to implement data classification, protection, and lifecycle strategies.
• Govern technologies and policies supporting DLP, tokenization, data masking, and breach response.
• Ensure compliance with global and regional data protection regulations (e.g., GDPR, NYDFS, GLBA, SEC, MAS).
• Lead the end-to-end lifecycle of vendor cybersecurity assessments, onboarding, and continuous monitoring.
• Implement a scalable third- and fourth-party risk program, including tiering, scoring, and reporting of external service providers.
• Drive SaaS and cloud service provider due diligence processes and enforce compliance with internal security standards.
• Co-lead business continuity planning and recovery efforts for cyber-specific scenarios in alignment with enterprise DR planning.
• Conduct and refine cyber tabletop exercises involving business, technology, compliance, and board observers.
• Partner with Internal Audit and Risk to ensure appropriate response and remediation to vulnerabilities and audit findings.
• Define and track key performance indicators (KPIs) and key risk indicators (KRIs) for the cybersecurity program.
• Produce executive-level dashboards and reports for internal leadership and board consumption.
• Ensure maturity assessments, such as NIST CSF scoring and gap analysis, are conducted regularly.
• Build, inspire, and lead a high-performing global team of security professionals across disciplines.
• Promote a firmwide culture of security through ongoing training, phishing simulations, and awareness campaigns.
• Develop the next generation of cybersecurity leaders and contribute to organizational succession planning.
• Advise on security implications of emerging technologies including artificial intelligence, quantum computing, blockchain, and IoT.
• Establish governance for the secure adoption of AI / GenAI and maintain alignment with evolving regulatory guidance.

Your Expertise

Leadership Attributes

Equal Employment Opportunity

Russell Investments is committed to providing equal employment opportunities for all associates and employment applicants regardless of race, religion, ancestry, creed, color, gender, age, national origin, citizenship status, disability, medical condition, military status, veteran status, marital status, sexual orientation, past or present unemployment status, or any other characteristic protected by law.