Head of Information Security Job at The Empire State Realty Trust

The Empire State Realty Trust New York, NY 10120

COMPANY SUMMARY

Empire State Realty Trust, Inc. (NYSE: ESRT) is a REIT that owns and manages office, retail and multifamily assets in Manhattan and the greater New York metropolitan area. ESRT owns the Empire State Building, the World’s Most Famous Building, and Tripadvisor’s 2022 Travelers’ Choice Best of the Best Awards #1 attraction in the U.S. and #3 attraction in the world, in the newly reimagined and iconic Empire State Building Observatory. The company is a leader in healthy buildings, energy efficiency, and indoor environmental quality, and has the lowest greenhouse gas emissions per square foot of any publicly traded REIT portfolio in New York City. As of June 30, 2022, ESRT’s portfolio is comprised of approximately 9.2 million rentable square feet of office space, 700,000 rentable square feet of retail space and 625 units across two multifamily properties. More information about Empire State Realty Trust can be found at esrtreit.com and by following ESRT on Facebook, Instagram, Twitter and LinkedIn.

POSITION SUMMARY

The Head of Information Security is responsible for developing and executing ESRT's security posture including strategy development, policy development and enforcement, risk mitigation, enterprise education and awareness, relationship building with senior leadership and numerous departments across the enterprise. These responsibilities apply across all ESRT corporate entities and real estate assets.

A key element of this role is working with the CTO, CIO, Executive Management Team, Audit Committee, Board of Directors, and auditors to determine acceptable levels of risk for the organization.

RESPONSIBILITIES

  • Head of Information Security is responsible for developing and executing ESRT's security posture including strategy development, policy development and enforcement, risk mitigation, enterprise education and awareness, relationship building with senior leadership and numerous departments across the enterprise;
  • Develop and implement a sustainable, strategic and long-term information and cyber security roadmap that delivers world-class cyber protection for all ESRT corporate entities and real estate assets;
  • Ensure compliance with security practices and develop a dashboard, including a metrics-based Security Operations Center, that reflects the real-time status of our key assets, perimeter and other relevant data;
  • Proactively monitor for cyber threats, promptly communicate potential threats to the IT Management team, isolate said threat, and develop a plan of remediation to prevent future similar attacks;
  • Manage the IT Incident Response Team, security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation;
  • Perform regular cyber security reviews and assessments of all software applications and building OT (Operational Technology) systems;
  • Lead the development, authorship, and dissemination of up-to-date information security policies, standards, and guidelines. Implement and maintain security policies and practices;
  • Coordinate security training for employees, contractors, partners, and other third parties as appropriate;
  • Lead security tabletop exercises to ensure all key employees understand their roles during an emergency and their responses to a particular emergency situation;
  • Collaborate with Legal, Risk Management, Compliance, the CTO, CIO, Executive Management Team, Audit Committee, and Board of Directors to develop and maintain our Incident Response Playbook;
  • Oversee and lead the creation, communication and implementation of a risk-based process for vendor risk management, including the assessment and mitigation of risks that may result from partners, consultants and other service providers;
  • Assess risk tolerance, implement and oversee appropriate security processes and foster a security-aware culture in a large corporate environment;
  • Work with senior leaders across the business to determine acceptable levels of risk and ensure the security management program follows applicable laws, regulations, contractual requirements, and policies to minimize or eliminate risk and address audit findings;
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action and liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture;
  • Influence and persuade other senior leaders regarding complex and/or controversial situations, and use good judgment in staff oversight, collaboration with peers and policy implementation on all matters related to cybersecurity;
  • Provide subject matter expertise to executive management on a broad range of security standards and best practices, including NIST, PCI, SOC, and SEC regulatory guidelines along with external security scorecards (i.e. BitSight, ISS);
  • Review and recommend improvements to our business continuity plans to increase resilience and ensure business operations continue to perform through a disruptive event.


REQUIRED SKILLS/ABILITIES

  • Minimum of five (5) years of direct cyber security experience within the last seven (7) years, in the real estate industry;
  • Bachelor’s degree from an accredited institution, with degree preferred in Computer Science or Information technology systems security or related field. Master’s degree preferred;
  • Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification preferred;
  • Knowledge of Information Technology Infrastructure Library (ITIL) (certification preferred) with respect to security administration and information technology governance in a multiplatform environment;
  • Working experience with the National Institute of Standards and Technology (NIST) Framework;
  • Hands-on experience with networking and Real Estate Operational Technology (OT) preferred;
  • Excellent written and verbal communication skills;
  • Strong quantitative and analytical abilities with deep understanding of how to develop relevant metrics that not only track activity but also quantify the impact of security initiatives on the financial performance of the business.


WHAT YOU CAN EXPECT

At ESRT, like our tenants, our employees come from everywhere. We foster a richly diverse work environment that captures top talent and cultivates the best ideas. By focusing on inclusion and celebrating our differences, we create even greater value — in business practices, relationships, and employee engagement. As an Equal Opportunity Employer, we are committed to maintaining a diverse, inclusive and equitable work environment where our employees can thrive. In addition, ESRT employees embody our Company Culture & Success Factors -

  • Adaptable – you are a self-starter who’s able to quickly digest and execute new processes to work both collaboratively and independently
  • Dynamic – you are solutions-oriented, aim to improve processes and implement efficiency, and offer insightful feedback to improve ESRT
  • Dependable – you take a strong sense of ownership and accountability over your work
  • Passionate – you keep up with industry trends and are excited about the potential to propel the industry forward with a “roll-up-your-sleeves” attitude
  • Curious – you consistently look for new ways to work smarter, not just harder
  • Ethical – you treat others with respect, and embrace and contribute to a culture of diversity and inclusion
  • Positive – you possess a service-oriented attitude with excellent follow through

The salary range for this position is $175,000 to $225,000. Salary is based on several factors including but not limited to education, work experience, job location, size of property where applicable, and/or certifications. In addition to your base salary, ESRT provides discretionary annual bonuses and offers long-term incentive options for eligible positions. ESRT offers comprehensive, competitive benefits & well-being programs including:

Subject to change based on position – i.e. corporate vs. non-union, bonus eligible/ineligible & LTI eligible/ineligible

Benefits will also flex depending on position – i.e. corporate vs. non-union

BENEFITS

  • Competitive base salary and bonus.
  • Health/Dental/Vision insurance.
  • Company sponsored Life, AD&D, STD (with Salary Continuation), and LTD Insurance. Voluntary Enhanced LTD Program.
  • Voluntary Hospital, Accident, and Cancer Programs.
  • 401(k) with 100% match up to 5%.
  • Paid parental leave.
  • Pre-tax transit accounts.
  • Employee Assistance Program for emotional, financial, and legal support.


WELL-BEING

  • Generous paid time off.
  • Flex remote work time.
  • Flex Summer Fridays.
  • Employee engagement programs.
  • Volunteer time off.
  • Continuing education.
  • Complimentary Empire State Building Observatory access.
  • Complimentary gym membership and other wellness benefits.
  • Employee Discount Programs.


