Business Information Security Officer

Invesco Ltd. is a leading independent global investment management firm, dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, Invesco provides a wide range of investment strategies and vehicles to our clients around the world. Operating in more than 20 countries, the firm is listed on the New York Stock Exchange under the symbol IVZ.

To provide information security (IS) support to assigned Invesco line(s) of business. Operating under limited supervision, the individual will advise the business and information technology teams on information security matters based on Invesco’s risk tolerance, global information security strategy, and as directed by Information Security Management. The individual will be a member of the Business Security Services team and part of the Global Information Security team responsible for ensuring the appropriate and consistent implementation of security controls across the firm.

* Build sound business relationships to enable strong understanding and alignment of business needs, control objectives, and risk appetite; Partner with business to identify specific information security risks and develop appropriate risk treatment action plans; effectively communicate security risk in terms business, legal, compliance and IT leaders can understand. * Advise business on design, implementation and maintenance of effective information security controls (administrative, physical & technical); oversee implementation/compliance with all information security program objectives (policies/standards, data lifecycle management, access recertification, etc.); ensure security risk is appropriately represented in relevant business and governance forums. * Provide general information security consulting services including project reviews, identification of requirements for Information Security/IT solutions to support business needs, and communicate security threats, vulnerabilities, control objectives, and risks. * Deploy role-based information security training and awareness in the business. * Serve as first point of contact and escalation for all business information security matters; serve as business security incident response coordinator and advisor on emergency actions to protect the business. * Provide input to and manage global information security policies, standards, processes, and procedures based on business requirements, risk tolerance, and financial industry / ISO standards. * Assess risk leveraging standard methodologies including threats, vulnerabilities, controls, probability and impact (financial/non-financial), heat maps, and evaluation of cost / effectiveness of possible remedies; evaluate information security / technology risk and ensure appropriate reporting of metrics. * Participate in global risk assessment program including development of multi-year security strategy and current / target state maturity. * Coordinate and communicate results of third party risk assessments to ensure appropriate implementation of controls for accessing or handling firm information. * Review/approval of data and investigation requests. * Other duties as assigned.

* Eight plus years Information Technology experience with 5+ in Information Security * Building and managing relationships at all levels within the organization * Working in large / global corporate environments involving multiple businesses * Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security * Comprehensive working knowledge of industry standards (ISO, COBIT, COSO, ITIL) * Financial services and project management experience highly desired * Developing / delivering presentations to large audiences and at all levels within the organization **Skills / Other Personal Attributes Required:** * Proven ability to effectively sell ideas and build consensus at all levels within the organization * Track record of success in planning and implementing large projects. Strong crisis management skills * Entrepreneurial spirit; hands-on and quick decision-maker * Strong analytical skills with ability to define, collect, analyze data, establish facts, draw valid conclusions, and make fact-based decisions * Strong communicator (written and verbal) and listener * Motivated self starter with ability to work independently and remotely with limited supervision * Possesses diplomacy and cooperative style necessary to interface effectively with all personalities and across functional disciplines **Formal Education:** (minimum requirement to perform job duties) * A Bachelor’s Degree in Management Information Systems or Computer Science is preferred or commensurate relevant work experience **License/Registration/Certification:** (minimum requirement to perform job duties) * CISSP (or equivalent) required or within six months of hire **Working Conditions:** * Normal office environment with little exposure to noise, dust and temperatures * The ability to lift, carry or otherwise move objects of up to 10 pounds is also necessary * Normally works a regular schedule of hours, however hours may vary depending upon the project or assignment * Hours may include evenings and/or weekends and may include 24 hour a day on call support by pager and/or cell phone * Willingness to travel both domestically and internationally. Frequency and duration to be determined by manager