Principal Cybersecurity Advisor - Information Security Strategy & Analytics; Hybrid
Listed on 2026-06-18
IT/Tech
Cybersecurity
Principal Cybersecurity Advisor, Information Security Strategy & Analytics
Senior individual contributor who partners with the ISRM leadership team, including the CISO, to shape the function's strategic direction and build the narrative, documentary, and measurement foundation that enables sound executive decision‑making. This role translates business priorities, risk insights, regulatory drivers, and delivery realities into security strategy, multi‑year roadmaps, investment recommendations, and portfolio narratives that guide leadership decisions.
This role has two defining requirements. First, the ability to communicate complex security strategy clearly, compellingly, and credibly to senior and executive audiences, both in writing and in person. Second, deep enough security practitioner experience to engage with credibility on strategic priorities, risk trade‑offs, and investment decisions without requiring translation. The ideal candidate has lived the work they will now help shape.
Responsibilities
- Define and maintain ISRM's strategic direction, including strategic priorities, target state, and multi‑year roadmap, in close partnership with ISRM leadership.
- Translate business priorities, threat and risk insights, regulatory drivers, and security delivery realities into strategic recommendations, investment proposals, and trade‑off analyses for leadership decision‑making.
- Own ISRM's strategic narrative by developing and continuously improving strategy documentation, roadmap materials, executive communications, and leadership presentations that clearly articulate the function's direction, progress, and value.
- Serve as the primary subject matter expert and content architect for ISRM strategic communications, partnering with enterprise communications teams to ensure strategic messaging is developed and delivered effectively.
- Lead the development of ISRM's strategic inputs to annual planning activities, including Long‑Range Planning (LRP) and capital planning, ensuring strategic priorities, investment rationale, and multi‑year direction are clearly articulated and satisfied by execution roadmaps and activities.
- Synthesize portfolio data, delivery performance, and resource realities into prioritization recommendations, providing leadership with a clear analytical basis for investment and sequencing decisions.
- Track ISRM's security maturity progress against established frameworks such as NIST CSF, partnering with technical teams on assessment preparation and ensuring findings are accurately reflected in strategic priorities, roadmap inputs, and remediation planning.
- Actively partner with the ISRM metrics and reporting team to identify, define, and drive meaningful measurement initiatives, such as security hygiene tracking and operational risk reporting, ensuring the metrics roadmap reflects ISRM's strategic priorities and produces reporting that is decision‑relevant at the leadership level.
- Evolve ISRM's strategic planning and prioritization practices, including decision frameworks, investment governance, and planning cadences, in close partnership with the Portfolio Manager who owns delivery governance and PMO standards.
- Define and maintain ISRM's service catalog, establishing clear service definitions, maturity frameworks, and engagement models that accurately reflect ISRM's capabilities and communicate them effectively to stakeholders.
- Bachelor's Degree and 8 years of experience OR Master's Degree and 7 years of experience OR PhD and 3 years of experience.
- Significant demonstrated experience in information security strategy, security program leadership, or security transformation within a large, complex organization, with enough practitioner depth to engage credibly on priorities, risk trade‑offs, and investment decisions.
- Exceptional written communication skills, with a demonstrated track record of developing executive‑level strategy documents, roadmaps, decision papers, and governance narratives that influence senior leadership. Strong writing ability is a defining requirement of this role.
- Exceptional executive communication and stakeholder engagement skills, with demonstrated ability to…