Chief Information Security Officer

About the position

The Chief Information Security Officer (CISO) is responsible for developing and implementing an information security program that includes procedures and policies frameworks for application security, infrastructure security, compliance and security operations. Reporting to the Chief Information Officer, the CISO will oversee the organization's information security strategy, manage a team of security professionals, and ensure compliance with relevant laws and regulations. The ideal candidate will possess deep technical expertise in the field of Information Security with a successful history of delivering Enterprise-wide security programs.

Responsibilities

• Develop, implement, and coordinate enterprise-wide information security program that aligns with business needs and compliance responsibilities
• Define and execute both vision and strategy for the entire company's security risk management program to include organizational security, information technology, application security, and compliance
• Build and drive a cybersecurity strategy and framework, with initiatives to secure the organization's cyber and technology assets
• Evaluate and prioritize risks and emergent security threats throughout our organization, recommending mitigation strategies and identifying risks associated with current and future systems
• Coordinate IT Security Governance activities, including monitoring, evaluating, reporting on, directing security efforts, and establishing security-related policies and procedures
• Coordinate internal and enterprise communications and communicate technical information in a manner that enables effective strategic decisions for both technical and non-technical stakeholders
• Oversee information security incident detection, response, and recovery to mitigate the impact and ensure timely resolution and communication
• Manage all teams involved in IT security, including hiring and developing a pipeline of talent, providing training and mentoring to security team members
• Lead a third-party oversight function to assess, onboard, and monitor key suppliers, ideally using a risk-based approach
• Oversee the security awareness programs to educate employees about information security and their role in protecting the organization's assets
• Perform periodic information security-related risk analyses, prioritize risks, and implement effective risk mitigation processes to protect the enterprise information assets
• Communicate security policies and procedures to all personnel and monitor compliance, provide periodic reporting on the information security program to leadership
• Coordinate with legal and compliance to ensure compliance with laws and regulatory requirements
• Maintain company certifications (SOC2, ISO27001 etc.)
• Manage client compliance program including client audits, contractual compliance
• Lead cybersecurity operation and implement contingency plans for disaster recovery protocols and business continuity plans with business resilience in mind
• Stay current with emerging security trends, threats, and technology solutions to ensure the organization maintains a robust security posture
• Other duties and special projects as assigned

Requirements

• Bachelor's Degree from an accredited institution in Computer Science, Information Technology, Engineering, Cybersecurity, Mathematics, Business, or a related field required; advanced degree in a related technical, audit, law, or security field preferred
• 10+ years of experience in evolving information security and IT roles, including 3+ years' experience as a Chief Information Security Officer and 5 years' leadership/management-level experience with enterprise-level security programs, policy, and administration
• Certified Information Systems Security Professional (CISSP) required; additional certifications (CRISC, CISA, CISM, CISSP or similar) desirable
• Deep understanding of cybersecurity principles, frameworks, standards, and best practices, including NIST 800-53 and Cybersecurity Framework (CSF), ISO 27001, SANS, OWASP, COBIT and others. High familiarity with privacy laws across all global jurisdictions
• Familiarity with relevant legal and regulatory compliance requirements, such as cybersecurity laws, financial regulations, data protection laws (e.g., SOC2, HIPAA, HITECH Act, GDPR), and industry-specific regulations
• Knowledge of network architectures, including cloud security, firewalls, and intrusion detection/prevention systems
• Knowledge of Cloud platforms, such as AWS, Azure, Google Cloud, and protecting data stored within such environments
• Strong security architecture background with experience building and driving a cybersecurity strategy and framework, with initiatives to secure the organization's cyber and technology assets and prevent, mitigate, and recover from security breaches and incidents
• Strong understanding of information security principles, practices, and technologies, including network security, application security, cloud security and endpoint security
• Excellent oral and written communication skills and the ability to adapt your communication style across various audiences - technical, executive, user
• Strong leadership skills, both within the information security business unit and as a collaborator with other business units and stakeholders
• Demonstrated success in building and leading high-performing teams in dynamic environments
• Strong sense of urgency, personal responsibility, accountability; self-motivated, efficient, and effective
• Excellent organizational and time management skills, able to initiate, organize, prioritize, and coordinate multiple & complex projects