• Reporting to the Global CIO, the CISO will collaborate with appropriate parties to develop the vision and strategy for H&R Block's enterprise information security program. This includes global responsibilities for H&R Block tax and financial business operations in the U.S., Canada, Australia, India, and Ireland in addition to Wave Financial.
• Assess, manage and govern the current Information Security Program including policies, procedures, and organization to drive Block's Information Security Program to higher levels of maturity.
• Develop and oversee the outcomes of a multi-year roadmap, evolving and reprioritizing as necessary to ensure effectiveness.
• Significantly enhance security automation capabilities to deliver greater speed, efficiency, quality, and secure outcomes.
• Operate as a trusted information security advisor to the Leadership Team, CEO and the Board of Directors.
• Represent management to the Board/committees and present H&R Block’s security profile, industry position, risks, issues, strategies, execution, etc.
• Provide information security leadership to the IT operations and Applications/Data areas and oversee the information security management system and information security technical and operational standards.
• Facilitate healthy dialogue amongst stakeholders across the organization that bridges security and business needs, and results in a holistic viewpoint.
• Establish, monitor and reinforce policies related to data and asset usage and security. Do so with an understanding and appreciation of impact to the business.
• Oversee the construction and maintenance of technology standards and processes to ensure they meet policy.
• Ensure that InfoSec processes and operations are designed to be in compliance with the organization's information security policies and compliant with regulations and laws.
• Coordinate and track all information technology and security related audits including scope of audits, business units involved, timelines, auditing agencies and outcomes, including potential overlaps with external audits conducted in the businesses. Within a framework of auditor independence, work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provide guidance, evaluation and advocacy on audit responses.
• Lead a comprehensive enterprise-wide awareness program that makes security part of everyone’s job, including communications, training and reinforcement around associates’ roles in protecting client and company information.
• Partner with Legal/Compliance to develop a strategy for dealing with of audits, compliance checks and external assessment processes for internal/external auditors, PCI, HIPAA, and state laws.
• Partner with Risk, Legal/Compliance and Internal Audit functions relative to approach to difficult privacy and security issues. Act as a source of technical expertise to help automate controls as required.
• Support positioning information security as a business issue through greater level of business integration into security and risk priorities and decisions.
• Strengthen management of information security risks through a robust identification and prioritization processes that mitigate business risk and ensure information security governance through the implementation of an enterprise program.
• Assess potential and emerging information security threats, vulnerabilities, and control techniques across relevant business sectors and communicate this information to leaders and associates, as appropriate, throughout the organization on a timely basis.
• Advise leadership concerning risk issues that are related to information security and recommend actions in support of the company’s enterprise risk management program.
• Specify, prioritize, and oversee the development of information security solutions.
• The CISO serves as an Independent Monitor of InfoSec Operations (monitoring, controlling, reporting, and responding).
• Ensure that a visible and effective incident response policy, plan, and procedures is in effect for timely response, enforcement, tracking and reporting, including an escalation corridor for the CISO.
• Stay abreast of security, technology and industry trends. Maintain knowledge of security-related regulatory requirements and laws (e.g., HIPAA, PCI), standards (NIST, COBIT, ISO, HITECH, etc.) affecting privacy and security assurance, and partner with Law/Compliance to communicate throughout the enterprise to increase awareness and ensure that compliance is achieved where required.
• Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong, proactive security posture.
• Utilize external parties, as appropriate to deliver on the security governance framework (i.e., awareness/ communications, training, forensics, etc.). Manage vendor relationships in a manner which controls costs, drives service excellence and mitigates risks.

Required Qualifications

​

NA

​

Preferred Qualifications

​

NA

The Chief Information Security Officer (CISO) is responsible for developing and maintaining a world-class, enterprise-wide information security and risk management program to ensure that information assets are adequately protected. This executive is responsible for identifying, evaluating, protecting and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

​

The CISO position requires a visionary leader with sound knowledge of business management and a working knowledge of information security technologies. The CISO will proactively work with other business functions to implement practices that meet defined policies and standards for information security. This role also oversees a variety of IT-related risk management activities and provide guidance for Business Continuity and Disaster Recovery Plans.

​

The CISO serves as the process owner of all activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with H&R Block's information security policies.

​

At the executive leadership level, the CISO is a key member of the IT Leadership team who contributes to business and technology strategy as they identify opportunities for innovation to grow H&R Block's market leadership position. The CISO helps define the security policies, processes, and the associated technical capabilities that helps the company achieve its goals while protecting its data.

​

A key element of the CISO's role is working with H&R Block’s executive management to determine acceptable levels of risk for the organization. The CISO must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode. The ideal candidate is a thought leader, a consensus builder, and an integrator of people and processes.