Chief Information Security Officer
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.
The CISO will be a visionary leader comfortable with an agile, fast-moving workplace with a working knowledge of cybersecurity technologies covering the global enterprise network as well as the broader digital ecosystem. The CISO will work with business and IT leaders to define, publish, and govern policies and standards for information risk and security. He or she will also understand IT and implement, oversee, and run cybersecurity, risk management, policies, disaster recovery/business continuity programs, identity and access management, and compliance activities related to IT to ensure the achievement of business outcomes.
The CISO must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. He or she should be well aware of the operational compliance and regulatory requirements applicable to the firm including ISO 27002, NIST, NAIC, state regulations, etc.
- Establish governance: Work with PMO to ensure that information security requirements and checkpoints are included in projects. Work with procurement and vendor management to ensure information security requirements are included in contracts. Work with architecture to ensure security requirements are included in architectures and designs.
- Establish and manage an information security awareness training program for the enterprise.
- Lead the daily operation of the IT security function. Manage the associated staff and budgets.
- Develop and maintain an information security vision and strategy aligned to organizational priorities and relevant regulatory inputs; drive projects that implement and further the strategy or respond to regulatory needs. Ensure the implementation of up-to-date practices and technologies to minimize the risk of cyber-attacks, data loss, reputational impacts, etc.
- Develop and maintain an up-to-date security management framework based upon a standard framework in the industry. Develop and maintain a document repository of security policies, standards, and guidelines, overseeing the approval, publication, and governance of the same.
- Facilitate a metrics and reporting framework to measure the effectiveness of the IT security program, including assessing threats, gaps, and other risks. Report to the board and senior leadership.
- Develop, maintain, and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals. Ensure adequate testing of these programs takes place periodically.
- Oversee the execution of security audits, risk assessments, penetration tests, red/blue exercises, DR/BCP tests, vulnerability assessments, and continuous improvement programs.
- Implement and oversee security monitoring and threat assessment programs.
- Participate in M&A activities to evaluate IT risk and security at companies targeted for acquisition.
- Develop processes to handle security incidents and trigger investigations; oversee investigation of security breaches and participate in reporting of same.
- Minimum of 7-10 years of experience in IT Security roles including risk management, information security, cybersecurity, etc. with at least 5 in a senior leadership role.
- Excellent oral and written communication skills, interpersonal and collaborative skills, with the ability to communicate information security and risk-related concepts to technical and non-technical audiences at all levels.
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
- Proven track record and experience in developing information security policies and procedures.
- Knowledge and understanding of relevant legal, compliance, and regulatory requirements a global insurance company must adhere to, including SOX, HIPAA, PCI, GDPR, etc.
- Ability to lead and motivate the information security function to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
- High degree of initiative, dependability, and ability to work with little supervision while being resilient to change.
- Knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT, NIST, etc.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work in an agile, demanding, dynamic environment and meet overall objectives.