Chief Information Security Officer
Burlington, MA, USA | Leading Information Technologies Company
Functions: IT / Information Technology
Job Description:
As the most senior security role for the company, this position will drive focus on key security issues globally and will facilitate the promotion of information and physical security across the Leading Information Technologies Company International Group business worldwide. The Chief Information Security Officer will also lead and define the company’s information security strategy and associated compliance programs, provide leadership and set the tone from the top, set clear accountabilities for security, and develop a strong culture of handling and managing corporate assets sensitively and effectively.
Reports directly to the Chief Information Officer.
Defines and drives the global information security strategies for Leading Information Technologies Company International Group.
Manages a global team comprised of internal and external security experts.
Serves as the central point of contact for senior management requests and reporting for security-related issues on a global basis.
Provides best practices and global standards for product and service implementations to the product and leadership teams.
Identifies issues and concerns of a security nature raised by company initiatives and advises on solutions to help resolve them. Fosters and maintains an appropriate working relationship with the firm’s primary regulators and stakeholders.
Administers and participates in the execution of escalation procedures for security breaches including determination of notifications to regulators and clients.
Works closely with the Legal/Compliance Team to ensure appropriate understanding of regulatory requirements, appropriate risk assessment processes, and appropriate risk mitigation strategies.
Partners with other areas of the business to incorporate comprehensive response programs for security-based incidents, including Corporate Communications, Legal, Public Relations, Investor Relations, Engineering, Operations, etc.
Develops and monitors the business plan and budgets for the unit in line with corporate goals.
Oversees business and functional unit operations to ensure compliance with internal and external regulations and that escalation procedures are followed.
Ensures that all procedures, systems and controls are regularly reviewed and in line with the risk profile of the unit.
Maintains ongoing and current knowledge of evolving security legislation and laws and revises EIG’s security program to ensure it remains effective in meeting the expectations of laws, regulations, and/or company policy.
Provides strategic oversight to business line development through identification of key issues and trends.
Reports regularly to corporate and regional committees with appropriate, timely and relevant information so that the committees can discharge their responsibilities effectively.
5+ years functioning as an information security executive (CISO, VP/Director of Information Security) in multinational public company
10+ years as an information security practitioner in at least two of the core information security disciplines (GRC, Incident Response, Security Architecture, or Application Security)
Deep knowledge of technical operations/IT including best practices [ITIL], tooling, and production incident response [recovery management] and has comprehensive knowledge of at least 1 of the practices
Deep knowledge of all facets of risk management and comprehensive knowledge of security risk management practices
The ability to communicate the organization's risk posture to the senior executives/board and recommend risk treatment options
Working knowledge of insurance and how it can be used in risk treatment
Extensive experience providing cross-functional leadership, demonstrating ability to deliver on a range of security projects/issues with global impact.
A highly motivated leader with a proven track record of strong communication, influencing skills and the ability to liaise with the most senior/executive levels of the organization.
Excellent understanding and working knowledge of current security legislation, practices & techniques.
Security-related certification – CISSP, CISM, or equivalent
Extensive experience in PCI regulations and compliance