Job Overview:
The Chief Information Security Officer (CISO) is responsible for establishing, implementing, monitoring and enforcing information security standards and policies Company-wide. The CISO is also responsible for the creation and maintenance of Company-wide information security strategies and overseeing the execution of plans reporting to the Global Chief Information Officer and working with the Company’s Information Security Steering Committee. The CISO oversees the creation and maintenance of information security policy, leads on-going Company-wide security risk assessment and status reporting efforts, and is responsible for the creation and roll-out of security awareness and training programs Company-wide. He or she also advises and collaborates with the Vice President of Information Systems Infrastructure and other IS executives through-out the Company who are responsible for directing projects for network and systems security.
In addition, the CISO is responsible for review and direction of business system continuity and disaster recovery plans as well as information security audit and regulatory compliance. In general, the CISO is charged with the responsibility for building an accountable, information security-conscious culture and a system security infrastructure built on high quality standards backed-up by effective operational procedures as well as regular status monitoring and reporting activities. The CISO will directly manage the Global Services Information Security team and will direct their activities and priorities.
Duties include:
• Serve as an expert advisor to senior management in the development, implementation and maintenance of a Company-wide information security infrastructure, that ensures best practice control objectives for system integrity, availability, confidentiality, accountability and assurance within the context of the Company’s risk tolerance as set by senior management.
• Identify and propose key information security program priorities, initiatives, plans, practices and tools.
• Oversee execution of approved information security project plans and provide regular status reporting on progress of such projects.
• Provide guidance (e.g., information security risk severity assessments / relative cost benefit analysis etc.) and provide recommendations regarding prioritization of system security infrastructure investments that mitigate risks, strengthen defenses and reduce vulnerabilities. Draft and propose Company-wide information security strategy and action plans based on Company-wide risk assessment and gap analysis. Develop, publish, and maintain comprehensive information security standards, policies, procedures and guidelines. Act as the primary Corporate control point during follow-up on significant information security incidents, oversee development of response plans and provide timely update reporting. Advise the management team on risk issues that are related to information security and recommend actions in support of the Company’s wider risk management programs. Collaborate within the Global Information Services network to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required. Monitor information security trends and evolving technologies as well as keep senior management informed about related information security issues and implications for the Company. Understand potential and emerging information security threats, vulnerabilities, and control techniques and communicate this information to appropriate team members throughout the Company on a timely basis. Provide guidance to business units as necessary to investigate security breaches and to pursue associated potential disciplinary and legal actions in collaboration with the Corporate Human Resources and Legal departments as appropriate. Maintain relationships with local, state, and federal law enforcement and other related government agencies as needed.
Engage and direct outside consultants as appropriate on information security audits. Conduct regular and ongoing monitoring of and reporting on Company-wide compliance with information security standards and policies. Collaborate with Internal Audit as a business advisor on information security matters. Direct the development and enforcement of information security and privacy policies in compliance with federal and state regulations and standards. Qualifications Qualifications Must be an intelligent, articulate, consensus building, and persuasive leader who can serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization Should have experience with business system continuity planning, auditing, and risk management as it relates to information security. BA, BS or Masters degree in a computer science or information systems related discipline, A Masters in Business Administration a plus.
Contact Information:
Ryan Mac Donald
Senior Technical Recruiter
Saicon Consultants
913-451-1178 #14
rmacdonald@saiconinc.com
Send me a linked in invite to connect for the future:
http://www.linkedin.com/in/ryanmacdonaldtechnicaljobs
For a more complete job list visit my Blog at:
http://ryanmacdonald1.wordpress.com/
About me
- Ryan Mac Donald / Saicon Consultants
- Overland Park, Kansas, United States
- I provide career assistance to individuals looking for a career change in Information Technology.
No comments:
Post a Comment