Location: 100% Remote
Position Type: Direct Hire
The CISO is a senior leader responsible for establishing the enterprise vision and leading the program to ensure information assets and technologies are adequately protected. The CISO will be the liaison between the information security program and the organization. A member of the CIO’s executive team, the CISO works in collaboration across the various functions including Operations, Legal, Compliance, Risk, Treasury, HR and Finance.
Aligned to the NIST Cybersecurity framework, the CISO will be responsible for setting and executing the program strategy against all five functions of cybersecurity: Identify, Protect, Detect, Respond and Recover. The goal of the enterprise CISO is to reduce information technology (IT) risks, respond to security incidents, establish appropriate standards and controls, manage/recommend security technologies, and direct the establishment and implementation of policies and procedures.
Reporting to the CISO are the following functions: Security Operations, GRC, Identity Management, and Enterprise Resiliency.
- Communicate and coordinate with key business stakeholders to address information protection needs.
- Help to enforce a cyber-aware culture, and work with the various lines of business and markets to enable business operations securely.
- Measure, assess, and articulate the company's information security risk, and the measures to reduce it, in a manner that all levels of the organization can understand and act upon, balancing business acumen with technology knowledge.
- Synthesize IT risks in Board level presentations.
- Strong knowledge of all security-related industry standards, regulations and compliance needs, e.g. PCI, SOX, FDA, GDPR, CCPA, HIPAA, ISO/IEC 27001, ISO/IEC 27002, and NIST.
- Ability to empathize with the company's existing legacy people, process, or technology and help map a way forward.
- Lead and/or coordinate activities across a diverse group of professionals with visibility to senior management.
- Drive the architecture, engineering, and deployment of a best-in-class information security environment, including knowledge of enterprise applications, cloud security (SaaS), operations, network and application security, and data protection.
- Must have advanced skills and established experience in IT security and risk management (understanding risk assessment, legal and regulatory requirements, threats, vulnerabilities, security policies etc.).
- Knowledgeable about the latest emerging technology, with awareness of cloud security solutions.
- Deep understanding of infrastructure components, including infrastructure security components (e.g. network security, firewalls, IDS, IPS, etc.).
- Understanding of security architecture standard methodologies, with demonstrated experience deploying information security tools (Identity & Access Management, MFA, DLP, ATP, endpoint protection, MDM/MAM, SIEM, phishing mitigation, signature development), as well as networking, system administration, architectures, security elements and other IT technologies.
- Demonstrable ability to balance and prioritize security requirements with business objectives and financial constraints.
- Enterprise incident handling experience, including developing and leading a CSIRT.
- Assist in ensuring regular updates and/or presentations to the board and senior leaders.
- Assist in supporting all technology and business planning activities at The Companies.