Executive Director Information Security Officer

Atlanta, Georgia


Employer: Grady Health System
Salary: Competitive
Job type: Full-Time

JOB DESCRIPTION

Job Summary

Description

The position will be responsible for leading the development and implementation of the company's information security strategy and programs. This role requires a seasoned cybersecurity professional with a deep understanding of the evolving threat landscape, industry best practices, and regulatory requirements. The CISO will work closely with executive leadership, IT teams, and other stakeholders to establish and maintain a comprehensive security posture that safeguards the company's data, systems, and intellectual property. The CISO will report to the CIO.

Job Responsibilities

Description

• Develop and implement a comprehensive information security strategy aligned with the company's business objectives, risk tolerance, and regulatory requirements.

• Establish and enforce security policies, standards, and procedures to mitigate risks and ensure compliance with relevant laws, regulations, and industry standards.

• Oversee the day-to-day operations of the information security function, including incident response, threat detection and prevention, vulnerability management, and security monitoring.

• Design and implement robust security architectures and controls to protect the company's infrastructure, applications, and data assets from cyber threats and vulnerabilities.

• Implement effective identity and access management controls to ensure the appropriate access levels and privileges for employees, contractors, and third-party partners.

• Develop and deliver security awareness and training programs to educate employees about security best practices and promote a culture of security awareness and compliance.

• Assess and manage security risks associated with third-party vendors and service providers, ensuring that appropriate security controls are in place to protect sensitive data and assets.

• Ensure compliance with relevant regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) and industry standards, and manage security audits and assessments.

• Lead incident response efforts in the event of security breaches or incidents, coordinating with internal teams and external stakeholders to contain and mitigate the impact.

• Establish key performance indicators (KPIs) and metrics to measure the effectiveness of the information security program, providing regular reports and updates to executive leadership and the board of directors.

Education

• Bachelor's degree in Computer Science, Information Security, or a related field; advanced degree preferred.

Experience

• Proven experience (5+ years) in a senior leadership role overseeing information security strategy, operations, and compliance.

• Deep understanding of cybersecurity principles, practices, technologies, and frameworks (e.g., NIST, ISO 27001, CIS Controls).

• Experience leading security incident response and crisis management efforts, with a strong ability to make decisions under pressure.

• Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders.

• Strong leadership and management skills, with the ability to build and motivate high-performing teams in a fast-paced, dynamic environment.

• Strategic thinker with a track record of developing and implementing effective information security programs that align with business objectives and mitigate risks.

Skills/Cert/Licenses

• CISSP Certified preferred

Equal Opportunity Employer-Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Created: 2024-06-11
Reference: 24001981
Country: United States
State: Georgia
City: Atlanta
ZIP: 30334

