Chief Information Security Officer
Auburn, WA, USA | Zones
Functions: Consulting - IT
Job Description:
The Chief Information Security Officer (CISO) is a senior Information Security executive accountable for the development and oversight of policies and programs intended for the mitigation and/or reduction of compliance, operational, strategic, financial and reputational security risk strategies relating to the protection of data, systems and technology.
This position combines responsibility for Cybersecurity, Security Architecture and Engineering, Education and Awareness, Governance Risk and Compliance, and Identity and Access Administration (IAM). You will be primarily focused on Zones’ corporate assets but also responsible for Cyber security operational components supporting client engagements and platforms.
The Chief Information Security Officer operates within the IT organization and works closely with the Legal group as well as the Services organization.
Based in Houston, TX or Auburn, WA, the successful candidate will be an innovative and strategic leader who can drive Zones’ security program to its next level of maturity.
In order to be successful in this global role, the candidate must have a strong understanding of cybersecurity, including the technical aspects, have a thorough understanding of cloud security technologies and security best practices, be able to directly manage a global cybersecurity crisis, have extensive experience in a large distributed global enterprise, have strong people skills and be able to effectively communicate with stakeholders at all levels in the organization. Additionally, the leader must have experience working with global associates in North America, Europe and Asia Pacific.
The Chief Information Security Officer will be a key member of the leadership team whose charter is to own our IT security posture, processes and standards, globally. We are looking for an individual who wants to make an impact and grow professionally.
Zones is a diverse technology company with over $2 billion USD in revenue and clients ranging from mid-market companies to Fortune 500 enterprises. Our business model is complex, and we are rapidly evolving from a product sales company to an IT solutions and services company. This requires us to transform how we interact with our customers, what steps we take to empower our team members, and how we optimize our internal operations and our interactions with vendors and partners.
The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The CISO is primarily responsible for:
Developing an effective strategy to assess and mitigate risk (foreign and domestic), managing crises and incidents, maintaining continuity of operations, and safeguarding the organization.
Directing staff to identify, develop, implement, and maintain security processes, practices, and policies throughout the organization to reduce risks, respond to incidents, and limit exposure and liability in all areas of informational, financial, physical, personal, and reputational risk.
Ensuring the organization’s compliance with local, national, and international regulatory environments where applicable to the accountability of this role (e.g. privacy and data protection).
Researching and deploying state-of-the-art technology solutions and innovative security management techniques to safeguard the organization’s personnel and assets, including intellectual property and trade secrets.
Recruiting, hiring, and retaining a top performing and diverse team of security professionals to execute on the comprehensive security strategy.
Establishing appropriate standards and associated risk controls.
Staying ahead of the global threat landscape and the technologies used to defend corporate assets, reputation and revenue-streams.
Tracking the latest technical security innovations and paradigms (e.g. Zero Trust Model) and mastering the latest cyber security technologies.
Developing relationships with high-level officials in law enforcement and international counterparts to include in-country security and international security agencies, intelligence, and other relevant governmental functions as well as private sector counterparts worldwide.
Managing/addressing Zones’ commercial and statutory needs as they relate to security (e.g. technical responses to bids/RFQs for security questions, deciding on optimal set of standards to abide by and instituting processes/controls accordingly).
IT security - typically addresses security related risk issues across all layers of an organization's technology stack. This may include:
Emerging Technologies and Market Trends
Identity and Access Management
Incident and Crisis Management
Information and Privacy Protection
Risk and Compliance Management, Security Architecture
Organizational Resiliency Programs and Assessments
Threat, Intelligence and Vulnerability Management
We are seeking candidates with the following experience and skills:
Who You Are
You have a high level of personal integrity and the ability to handle confidential matters professionally and demonstrate the appropriate level of judgment and maturity in balanced risk decision making. You understand the complex geopolitical environment of crime, hacktivism and nation-state activity. You are able to integrate your deep knowledge of security implications for networks, systems and implications with business process and behavioral security concerns into a single risk picture. Operating in a highly dynamic environment with the ability to respond and react decisively in a changing set of circumstances and priorities comes naturally to you.
You can quickly assess complex situations and take appropriate action, such as during security incidents. You possess intellectual curiosity, out-of-the-box thinking, strong problem-solving skills, excellent communication skills, and an ability to work and influence across multiple stakeholder groups. You have the ability not only to negotiate and communicate with key stakeholders where commercial appetites conflict with risk mitigating controls, but also to show confidence defending a strong risk position, ensuring that Zones’ increasingly client-integrated IT is well protected against incidents and attacks.
15+ years of relevant information security experience, ideally with an engineering/architecture background
Experience communicating information security related concepts to a broad range of technical and non-technical audiences; will have to be an articulate and persuasive leader who can serve as an effective member of the senior leadership team
Exceptional communication skills necessary to advise and influence senior management, the Board of Directors and external organizations
Strategic leadership skills to drive the company’s vision for cyber security while maintaining an execution-oriented mindset to drive results; an entrepreneurial spirit; ability to serve as a hands-on leader
Technical background in cyber risk management, privacy, and incident response
Thorough understanding of IT systems and security tools, including methods, procedures, equipment and software used for delivery; deep understanding of Cloud, Internet of Things, and database development
Knowledge of the breadth of security technology options and associated vendors, including how they are deployed in architectures
Deep knowledge of Cloud Security (Microsoft, AWS, Google, etc.) and extensive security knowledge of Microsoft O365 / CSP and Azure Security
A track record of assessing threat and vulnerability from a business perspective as well as a technical perspective, and the ability to develop and champion affordable, efficient and timely security architectures and solutions that support growth of the enterprise’s business
Strong business acumen, to understand business drivers and provide support for the executive team
Experience implementing security technologies, including encryption, network security, intrusion detection, and digital forensics
The ability and drive to advocate for continuous improvement and the ability to challenge the status quo
Expertise in regulatory and compliance environments
Experience with the security implications of mergers and acquisitions, disposals and business joint ventures
Proven track record of consultative approach and proactive communication with stakeholders
Current knowledge of trends in IT and experience evaluating/implementing vendors and solutions
A leadership style with transformation and continuous improvement at its core
Proven ability to consistently and collaboratively resolve issues, mitigate roadblocks, and meet all financial and management goals on time
A history of thriving in a fast-paced and often ambiguous environment
The ability to work with both business and technology stakeholders and to create strong relationships
Creative problem-solving skills, strategic perspective, and high degree of intellectual curiosity
Excellent communication skills and a positive attitude
CISM and CISSP certifications
MBA or relevant advanced degree preferred