Chief Information Security Officer

Description

• Develop and implement an enterprise-wide information security strategy.
  
• Align security initiatives with business goals and regulatory requirements.
  
• Communicate cybersecurity risks, programs, and initiatives to executive leadership and the board of directors.
  
• Conduct regular risk assessments and ensure appropriate risk mitigation strategies are in place.
  
• Monitor emerging threats and adjust security measures as needed.
  
• Oversee the development and enforcement of cybersecurity policies, standards, procedures, tools, and technologies.
  
• Involves understanding each business group's functions and vulnerabilities and developing tailored risk management processes.
  
• Ensure compliance with applicable laws, regulations, and standards (e.g., ISO 27001, ISO 27701, ISO 22301, NIST, GDPR, OWASP 10, SANS 25).
  
• Ethical Hacking, VA/PT, security of third-party cloud infrastructure e.g., AWS.
  
• Manage security audits and regulatory examinations.
  
• Collaborate with legal and compliance teams to address governance requirements.
  
• Lead the design and implementation of security technologies and tools.
  
• Oversee incident response plans and ensure timely resolution of security incidents.
  
• Monitor and analyze security performance metrics.
  
• Develop and implement mitigation strategies to prevent future occurrences, ensuring the business safety posture.
  
• Partner with IT, legal, finance, HR, and other departments to integrate security into all aspects of the organization.
  
• Work with vendors and third parties to ensure robust security practices.
  

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master’s preferred).
  
• At least 10 years of experience in information security management roles.
  
• Certifications such as CISSP, CISM, CISA, or equivalent.
  
• In-depth knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001), tools and technologies.
  
• Strong leadership and communication skills, with the ability to influence stakeholders.
  
• Experience with cloud security, endpoint protection, and modern security architectures.
  
• Deep understanding of technology and cybersecurity trends.

• Strategic thinking and problem-solving abilities.
  
• Ability to handle high-pressure situations, such as breaches or incidents.
  
• Excellent interpersonal and organizational skills.
  
• Build, lead, and mentor a skilled information security team.
  
• Promote a culture of security awareness across the organization.
  
• Provide training and development opportunities for team members.