Chief Information Security Officer

Requirements

• A baccalaureate degree from an accredited college or university including or supplemented by 12 credits in mathematics, statistics, accounting, and/or actuarial science and four years of satisfactory full-time experience implementing the provisions of a retirement plan involving the use of mathematical, statistical, actuarial or accounting computations, 18 months of which must have been in an administrative, managerial or executive capacity or supervising professionals implementing the provisions of a retirement plan involving the use of mathematical, statistical, actuarial or accounting computations; or 2. An associate degree or 60 credits from an accredited college or university, including or supplemented by 12 credits in mathematics, statistics, accounting and/or actuarial science and six years of satisfactory full-time experience as indicated in "1"; or 3. Education and/or experience equivalent to "1" or "2" above. However, all candidates must have 60 credits from an accredited college or university, including or supplemented by 12 credits in mathematics, statistics, accounting and/or actuarial science and the 18 months of experience in a supervisory, administrative, managerial or executive capacity as described in "1" above.
• Preferred Skill

Additional Information

About TRS: Since 1917, the Teachers' Retirement System of the City of New York (TRS) has been securing better futures for NYC educators. With a pension fund valued at approximately $123 billion, TRS serves over 274,000 members, providing them with retirement, disability, and death benefit services. At TRS, we seek dedicated professionals who are passionate about their work and committed to excellence. We pride ourselves on our member-centric culture, focused on delivering outstanding service and support to our members. Position Summary: TRS is seeking a seasoned and strategic Chief Information Security Officer (CISO) to lead and elevate it's Information Security and Business Continuity programs. This is a critical leadership role within a well-established discipline; continuity and forward-thinking guidance are essential to ensuring ongoing protection of TRS' mission-critical functions. The ideal candidate is a versatile, decisive leader with deep expertise across all areas of information security, including policy development, risk assessments, regulatory audits, incident response, training, and third-party/vendor risk management. The CISO will collaborate closely with IT and business leaders and must be comfortable navigating both technical and strategic responsibilities. Reporting to the Chief Risk Officer, this position leads a small, high-performing team within the Risk Management Department and requires a hands-on leader who can make risk-informed decisions under pressure while continuously maturing the agency's security posture. Key Responsibilities: - Lead and continuously enhance the agency's Information Security and Business Continuity programs, ensuring strategic alignment with IT architecture, security engineering, and operational frameworks in accordance with NIST, ISO, and applicable state regulatory standards. - Serve as a technical and trusted advisor on Information Security and Business Continuity to IT, Legal, and business units, embedding security and resilience into systems, contracts, and daily operations. - Participate in technical planning and understand impact to organization. - Conduct and oversee cybersecurity risk assessments, vendor risk reviews, and responses to internal and external audits. - Lead and coordinate the end-to-end lifecycle of security incidents, from initial detection and investigation to containment, forensics, and lessons-learned reporting. Serve as the technical escalation point for complex incidents. - Maintain, test, improve, continuously improve business continuity and disaster recovery plans across critical operations, including data backup, replication strategies, and system failover procedures. - Supervise and mentor a small, high impact team; ensuring coverage for both strategic planning and monitoring. - Design and enforce technical policies, security configuration baselines, and automated compliance monitoring across hybrid infrastructure (on-premises and cloud environments). - Design and lead a targeted security awareness program, promoting ownership and accountability across the organization. - Monitor, track, and report on key risk indicators (KRIs), threat trends, control effectiveness, and program maturity metrics. - Partner with auditors, regulators and external partners, to ensure compliance and manage remediation efforts. - Engage with third-party vendors and service providers to assess security status and identify vulnerabilities. - Stay current with emerging cybersecurity, privacy, and resilience trends, proactively integrating best practices and evolving threats into the agency's strategic roadmap. - Perform additional related duties as assigned by the Chief Risk Officer.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at TEACHERS RETIREMENT SYSTEM? Share your experience