At MFS, you will find a culture that supports you in doing what you do best. Our employees work together to reach better outcomes, favoring the strongest idea over the strongest individual. We put people first and demonstrate care and compassion for our community and each other. Because what we do matters - to us as valued professionals and to the millions of people and institutions who rely on us to help them build more secure and prosperous futures.
What you will be responsible for: Working directly with the MFS Chief Security Officer, help direct and oversee a multi-disciplined global security program within risk appetite. Utilize knowledge, understanding and hands-on experience with all aspects of security and safety strategic and tactical activities, and risk management, including but not limited to policy, processes, compliance, planning, tracking, reporting, implementation, and execution. Have proficient knowledge of cyber, information and physical security disciplines including administrative, technical, and physical/safety controls applied to internally and externally hosted applications and systems. A strong understanding of development processes, application, systems, and network management controls. Lead the development of standards and best practices in collaboration with key stakeholders, including the definition, design, testing, and implementation of security enhancements and products owned, managed, or outsourced.
Provides leadership and mentoring for direct reports and across the security organization. Manages assigned personnel and may lead multiple teams and programs. Using discretion and judgment, direct the day-to-day security operations, control execution, business analysis, resource allocation and project management for assigned MFS global security needs. Works with business and technology leads and the Project Management team to plan and prioritize security control design and integration in support of project delivery. Provides oversight and planning for resource and project budgets. Works closely with CSO and senior management to develop products, services, and operational efficiencies that are consistent with the vision and strategy of MFS. Has a risk-mitigating mindset with a focus on effective internal and shared control design, integration, and execution.
- Work with the CSO on the setting and delivery of the strategic management direction of the department, completion of goals and objectives consistent with, and complementing the divisional and corporate goals.
- Help to ensure the department is managed efficiently and effectively in terms of service levels, staff management, department standards and guidelines, timely completion of projects and corporate responsiveness within budgetary guidelines.
- Direct staff in their participation in projects; monitor assignments and make decisions regarding employment, training and development, performance appraisals, and compensation. Provide large-scale project management for security projects, including planning, tracking, monitoring, budgeting and implementation.
- Leads the management of due diligence for administrative, technical and physical/safety controls covering MFS data, application, and systems hosted internally or with service provider(s) and owned and/or managed facilities. Identify risks and system needs, define solutions and processes, and establish security policies and procedures. Maintain ownership of development, compliance and exceptions to policy.
- Oversee the investigation of security events and incidents with the team. Interacts with local and national law enforcement agencies where MFS operates in close coordination with the CSO, Legal and Compliance. Communicate all findings to the CSO for awareness and further action as required.
- Accountable for the creation and management of the security budget with oversight from the CSO.
- Help to develop and expand the current capabilities of the Security team and form effective partnership relationships with department and program key stakeholders and business partners.
- Manage scheduled audits of the security functions, which includes partnering with the various business and technology teams to correct control defects, flaws, and vulnerabilities, and identify and implement solutions (where applicable) within defined expectations and time periods.
- Leveraging the feedback of direct reports and others, evaluates new products, processes, and controls, or enhancements to existing ones, and recommends those that are appropriate for the current or future working environment.
- Provides security vendor oversight for software and service offerings to ensure adherence to SLAs and contractual requirements. Lead and direct plan to improve deficient area(s).
- Responsible for security process and procedural creation and improvements. Examines workflow and recommends ways to increase efficiency and/or effectiveness. Helps to standardize security processes across the organization. Ensure controls and processes meet industry frameworks (e.g., NIST Cybersecurity Framework and ISO 27001/2 and 15) at a level of risk appropriate for MFS and develops strategy for best-in-class target profile.
- Stays current on the latest security and safety trends and technologies in Financial Services. Participates in conferences and seminars to proactively identify emerging technologies and identify opportunities to apply them to internal business challenges. Leads collaborative discussions across the Firm to educate and engage business and technical communities on these opportunities. Actively participates in information security information sharing forums to help ensure MFS is partnering with other companies, helping build industry security knowledge and solutions.
- Participate in a leadership capacity on MFS Security and Risk committees to advise on new technology, information security risks, regulations and new or improved controls, including shared control environments.
- Maintains management reports that will track progress of projects, system enhancements, and as assigned.
- Performs additional duties as required.
- MFS' job descriptions reflect management's assignment of essential functions, which may be subject to change at any time due to constantly changing business needs.
- A Bachelor's degree in Business, Computer Science, Information Technology Management or equivalent related experience is required.
- Criminal Justice or equivalent related experience covering physical and safety is highly recommended.
- Minimum of ten (10) years security-specific or technology experience and seven (7) years in a leadership role.
- Proven ability to organize, plan, manage/deliver, track projects with a geographically dispersed team.
- Strong leadership skills with an emphasis on achieving success by influencing decisions across multiple business units and strategic partners.
- Annual planning experience to build a budget incorporating new technology acquisitions and staffing levels to meet strategic demands.
- Position requires licensing in accordance with MFS licensing policy. Attain FINRA 99 license within 12 months of employment.
- CISSP or CISM or equivalent required.
- Must have a diverse technology and/or security background with knowledge in several disciplines, including: information security program development and implementation; control design, integration and implementation for internally and externally hosted technologies; application security principles and development practices (e.g., agile); incident response practices and protocols; threat modeling (e.g., STRIDE and MITRE), risk management techniques; applicable regulatory and compliance requirements; systems and network management practices; and experience with integrating third-party systems, both hosted and on-
- Very strong interpersonal, communication and negotiation skills.
- Proficient presentation and public speaking skills covering a diverse audience.
- Ability to coach and mentor employees to enhance their skills and performance and help them develop their careers.
- Strong service orientation with enthusiasm for developing creative programs and solutions to business issues.
What we offer:
- Generous time-off provided: including "Responsible time off" for many roles, paid company holidays when the US Stock Exchange is closed, plus paid volunteer time
- Family Focus: Up to 20 weeks of paid leave for new parents, back-up care program, dependent care flexible spending account, adoption assistance, generous caregiver leave
- Health and Welfare: Competitive medical, vision and dental plans, plus tax-free health savings accounts with company contributions
- Wellness Programs: Robust wellness webinars, employee assistance program, gym reimbursement through our medical plans, fitness center discounts and more
- Life & Disability Benefits: Company-paid basic life insurance and short-term disability
- Financial Benefits: 401(k) savings plan, Defined Contribution plan - 15% of base salary invested into the Plan, competitive total compensation programs
MFS is a hybrid work environment (remote/onsite) unless otherwise stated in the job posting.
This position will require individuals to be fully vaccinated against COVID-19 as part of their job responsibilities, unless MFS approves an exemption as an accommodation due to a medical condition or sincerely held religious belief. Submission of an exemption request does not guarantee that an exemption will be approved or that the request can be accommodated.
If any applicant is unable to complete an application or respond to a job opening because of a disability, please contact MFS at 617-954-5000 or email email@example.com for assistance.
MFS is an Affirmative Action and Equal Opportunity Employer and it is our policy to not discriminate against any employee or applicant for employment because of race, color, religion, sex, national origin, age, marital status, sexual orientation, gender identity, genetic information, disability, veteran status, or any other status protected by federal, state or local laws. Employees and applicants of MFS will not be subject to harassment on the basis of their status. Additionally, retaliation, including intimidation, threats, or coercion, because an employee or applicant has objected to discrimination, engaged or may engage in filing a complaint, assisted in a review, investigation, or hearing or has otherwise sought to obtain their legal rights under any Federal, State, or local EEO law is prohibited. Please see the EEO is the Law document and Pay Transparency Nondiscrimination Provision, linked for your reference.