Company is looking to hire a CISO as part of its strong commitment and continued investment in privacy and security. The CISO will lead all aspects of cyber and information security and will be responsible for developing and executing a comprehensive security program to ensure the company’s assets, business processes and interests are protected and that risks are managed. The position will define strategy, develop a plan, manage globally distributed teams, track the budget and update the board of directors' audit committee. The CISO will partner with the legal, IT, engineering and technical operations teams and will communicate with partners, vendors, clients and auditors to ensure Company’s security-related initiatives are well represented and that the program is aligned with the business interests.
- Direct the strategy and the overarching security program to protect the company’s assets and business processes and manage that program and its operations.
- Update and brief the board of directors' audit committee on status, risks and threats
- Manage the program’s budget and negotiate with vendors to ensure operational efficiency
- Develop policies, procedures and controls to ensure compliance with applicable contractual, regulatory, legal and audit requirements as well as good business practices.
- Manage the teams, employees, contractors and vendors that take part in the program.
- Hire, on-board and mentor additional internal and external resources according to the budget. Manage performance of low-performing employees.
- Drive a cultural change to embed security across all business units and workflows. Ensure training and awareness across the organization.
- Ensure that disaster recovery and business continuity plans are in place and tested
- Ensure an effective and comprehensive IR policy and plan is in place and tested
- Oversee and improve the vulnerability management, penetration testing and security posture assessment programs
- Constantly update the cyber security strategy to leverage new technology and threat information
- Develop and maintain technology and operations roadmaps to ensure control coverage and operational efficiency for various programs: DLP, IAM, SIEM, VRM, MDM, DevSecOps, penetration tests, vulnerability management, etc.
- Increase the maturity of the organization’s information security program and ensure it is optimized.
- 10+ years of progressive experience in information security-related roles
- 5+ years of demonstrated experience with managing global teams across multiple functions
- Demonstrated experience in developing and leading security programs for international companies
- Successful experience getting audited or certified for SOC-1, SOC-2, SOX or ISO-27001
- Experience in ensuring compliance with GDPR, CCPA, HIPAA, COPPA or PCI from a security perspective.
- Hold an industry-recognized certification in security (CISSP, CISA, CISM, CEH, etc.)
- Deep understanding of IT infrastructure and systems
- Deep understanding of application security
- Superior written, presentation, and verbal communication skills
- Exceptional organizational, interpersonal and team skills