
Chief Information Security Officer

Southern Graphic Systems, LLC
life insurance, flexible benefit account, long term disability, 401(k)
United States, Kentucky, Louisville
626 West Main Street
Apr 30, 2025
Description

About

The CISO is responsible for leadership of the cybersecurity program as the organization undergoes a transformation journey. They are a dynamic leader with experience in securing a highly distributed global enterprise. The CISO will also play an integral leading role in the transformation of the organization, directing internal and outsourced security staff to build out cybersecurity solutions, building out the cybersecurity function, and bridging technical knowledge with business acumen in key areas across the organization. The CISO will report to the CIO.

Responsibilities



  • Establish and maintain a comprehensive organization-wide information security program to ensure that information and assets are adequately protected against current, future, internal, and external threats
  • Forge strong alliances with business, IT, and Legal leadership to ensure that all requirements for maintaining existing commercial and industry levels of compliance and cyber risk mitigation are strictly monitored and maintained
  • Provide in-depth cybersecurity expertise and guidance on execution throughout build-out of product development, Information Technology (IT), and Operational Technology (OT) critical infrastructure
  • Manage the selection, build-out, and successful implementation of vendor managed services and related solutions across cybersecurity domains (e.g., endpoint security, network security, identity and access, SOC, backup, incident response)
  • Stay ahead of all global information technology and data privacy rules, regulations, and even societal norms in all countries in which we operate
  • Recommend changes to existing information security and related policies and the creation of new policies as needed in alignment with the corporate Legal team
  • Partner with the General Counsel on the definition, implementation, and review of cybersecurity governance and risk management processes, metrics, and results, with focus on continuous improvement
  • Promote the cybersecurity training and awareness program across the organization
  • Lead response and resolution of system compromises, data security breaches and other security events related to company products and services
  • Interface and collaborate with other departments (e.g., IT, Legal and LOB) to support further build-out of an effective cybersecurity program
  • Identify opportunities to implement IT and other security controls that mitigate the chance of ransomware attacks or similar incidents
  • Serve as a primary subject matter expert in global cybersecurity matters, including interfacing with Client audit/diligence requests and other external-facing matters
  • Support IT in strategy, development, testing, and maintenance of incident response and disaster recovery plans
  • Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and follow policies and audit requirements
  • Develop a best-in-class cyber security team composed of internal and partner resources



Requirements



  • Bachelor's degree in a major science or engineering discipline (e.g., Cybersecurity, Information Systems, Electrical, Mechanical, Software, IT) or related field
  • In-depth, up-to-date, and broad knowledge of the Information Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure
  • 10+ years of experience in a cybersecurity role focused on Operational Technology and/or Critical Infrastructure, delivering results
  • 5+ years of supervisory experience, particularly managing a small team and outsourced cybersecurity personnel
  • CISSP, HCISSP, or CISM certification
  • Working knowledge of cybersecurity control frameworks, such as ISO 27001, HiTrust, NIST 800-53, and IEC 62443
  • Demonstrated experience in managing the resolution of a cyber event (ransomware, data breach, etc.)
  • Advanced knowledge of securing cloud infrastructure, such as Amazon AWS or Microsoft Azure
  • Experience designing, architecting, and implementing the following technologies: SIEM, EDR/MDR, ZTA, SDN
  • Advanced knowledge of data privacy regulations and associated processes
  • Ability to work across multiple time-zones and geographical areas (e.g., USA, EU, APAC)
  • Ability to manage multiple ongoing workstreams and to be responsive to critical situations and changing priorities
  • Excellent written and communication skills
  • Self-motivated and entrepreneurial spirit
  • Willingness to learn and adapt to a dynamic environment
  • Travel, domestic and international, may be as much as 25%


Employment Type: Full-Time

Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

This is a remote position in the US. We are open to candidates in various states, with the exception of those residing in the following: AK, DC, DE, ME, NH, NM, OK, HI, MS, MT, NV, NE, ND, SD, VT, WY, WV

Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets. The U.S. pay range for this position is $230,000 - $250,000 annually. Ultimately, in determining pay, we will consider the successful candidate's location, experience, and other job-related factors.

Group benefits currently include a selection of health care plans with prescription drug coverage, dental plan, vision plan, basic and supplemental life insurance, a flexible spending account for medical and dependent care expenses or a health savings account based on plan selection, short/long term disability and 401(k) Savings Plan.

Qualifications
Education
Bachelors (required)
Experience
Advanced knowledge of data privacy regulations and associated processes (required)
Experience designing, architecting, and implementing the following technologies: SIEM, EDR/MDR, ZTA, SDN (required)
Advanced knowledge of securing cloud infrastructure, such as Amazon AWS or Microsoft Azure (required)
Demonstrated experience in managing the resolution of a cyber event (ransomware, data breach, etc.) (required)
Working knowledge of cybersecurity control frameworks, such as ISO 27001, HiTrust, NIST 800-53, and IEC 62443 (required)
CISSP, HCISSP, or CISM certification (required)
5 years: Years of supervisory experience, particularly managing a small team and outsourced cybersecurity personnel (required)
10 years: Years of experience in a cybersecurity role focused on Operational Technology and/or Critical Infrastructure, delivering results (required)
In-depth, up-to-date, and broad knowledge of the Information Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure (required)
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.