Job Description

Chief Information Security Officer

Scope of Opportunity:

As the CISO, you will be a member of the Leadership Team, Operations Committee, Risk Committee and be the chair of the Technology and Information Risk working group. You will represent security and technology risk management at the executive level, including regular communication with the Board of Directors and senior executives.

The CISO candidate will be the lead advocate to guide overall security posture.

ROLE & RESPONSIBILITIES:

Responsibilities will include, but are not limited to the following Leadership and Governance:

- Develop and implement a strategic long-term information security strategy and roadmap to not only ensure the Company\'s and its customers\' information assets are appropriately protected, but also is in compliance with all jurisdictional privacy and regulatory policies.

- Provide leadership, guidance, direction, and independent assessments on our information security program across the organization (executive leaders, architects, engineering, infrastructure, information security, building security, professional services, product, etc.)

- Advise and partner with leadership on risk issues related to technology and information security and recommend actions in support of the organization\'s wider risk tolerance

- Monitor internal security trends and keep leadership informed of potential threats and related risk

- Monitor the industry and external environments for emerging threats, evolving vulnerabilities and advise relevant stakeholders.

- Drive a program to build capability and maturity across information security and all of Technology.

- Provide regular updates to the executive team and board on the security policies, governance, risks, maturity level, and status of security at the company

- Drive a strong culture of security; lead and influence necessary organizational changes, process improvements, technology selection and adoption and build continuous security awareness and improve security education across the company.

- Represent clients and in industry forums to drive ongoing improvement and understand the business environment

- Ensure our product development teams are building with security in mind and moving to a DevSecOps culture.

- Hire, develop, mentor, and grow the IT Security Team.

Security Operations:

- Work with Architecture, Engineering, and Operations teams to identify and continuously maintain a comprehensive suite of security tools and monitoring technologies that integrate effectively, keep pace with evolving threats, and keep the company secure across all data centers and network operations

- Establish central security operations practice (operations and tools) that can continuously monitor, hunt, detect, and respond to threats from internet and internal network traffic, servers, endpoint devices, desktops, etc.

- Management of an external managed detection and response security service provider / security operations center (MDR/SOC) including monitoring performance, continuous process improvement and MDR role expansion - as a direct extension of your internal team

- Provides oversite and guidance for business continuity planning and practices, including network redundancy, disaster recovery infrastructure planning and provisioning, code and database replication and storage, etc.

- Lead security incident response and investigation at the executive level. Design and oversee response practices; including clear and consistent communication to other executives, the board of directors, customers and law enforcement and regulators as appropriate.

- Coordinate and track all information technology and security related audits, including scope of audits, organizational units involved, timelines, auditing agencies and track outcomes and remediation as required.

- Create and oversee penetration testing and vulnerability management efforts. This includes threat hunting and emulation efforts designed to detect and repair vulnerabilities across the enterprise network, determining where the architecture lacks sufficient security controls that could be exploited by an adversary.

- Develop and manage an innovative and current cybersecurity training and awareness program that looks both internally at developing professionals in the field and educating employees across the company. Ensure employees at all levels receive training to prevent security breaches and build a security-conscious workforce. Security Engineering

- Defines and maintains working knowledge of security standards, frameworks, certification requirements, and accreditation standards.

- Ensure our commercial software development lifecycle is secure end-to-end: environments; code testing, deployment, and repositories, etc.

- Provide security architecture reviews, recommendations, and engineering for new and emerging technology solutions. Continuously tests the efficacy of our commercial software solutions and works with the engineering teams to remediate and prevent future vulnerabilities

Skills and Requirements:

- 12+ years of security leadership experience. Experience supporting a growing security engineering practice with experience migrating to a cloud-first environment

- Experience with Business Continuity planning and Disaster Recovery

- Experience setting up and managing an outsourced MDR/SOC.

- Experience with corporate change management, including technology, culture, and communications

- Proven credibility in influencing and working effectively with peers across departmental boundaries.

- Excellent leadership, people management and organizational development skills, with a demonstrated ability to motivate others in a team-oriented and collaborative environment.

- Excellent verbal and written communications and interpersonal skills, with the ability to build successful relationships with all levels. Comfortable working with sponsors and board advisors.

- Proven high level of integrity, trustworthiness and confidence, as well as ability to represent the company and security leadership with the highest level of professionalism. Familiarity and experience applying various industry control and risk frameworks including: CIS, NIST CSF, ISO 27001 etc.

- Bachelor\'s Degree in Computer Science or related field. Master\'s Degree is desirable

IIM Jobs