CISO Professional

• We are seeking a skilled and experienced professional to join our dynamic team as the Chief Information Security Officer (CISO)
• As a mid-sized software company, we are looking for a candidate who can lead our information security efforts with a focus on safeguarding our digital assets, ensuring compliance with relevant regulations, and implementing robust cybersecurity measures
• This position is intended for a mid-level candidate with a focus on practical implementation and management of cybersecurity measures
• The role is designed for a hands-on leader who can effectively navigate the unique challenges of a mid-sized software company

• Conduct periodic assessments to evaluate and enhance the effectiveness of the Information Security Management System (ISMS).
• Ensure compliance with legal and regulatory requirements pertaining to Information Security (IS) through thorough evaluations.
• Assess adherence to organizational Information Security (IS) policies, procedures, standards, guidelines, and directives, providing guidance to the Executive Leadership Team (ELT).
• Conduct Information Security (IS) audits at least annually or following significant changes in IT systems/Infrastructure.
• Generate comprehensive IS audit reports inclusive of recommendations to enhance Information Security (IS).
• Seek senior management approval for IS audit reports before dissemination.
• Periodically share approved audit reports with the Executive Leadership Team (ELT).
• Lead customer facing reviews and Audits.

Desired Skills :

Strategic Planning

• Secure endorsement and guidance from top management to facilitate the implementation of Information Security (IS) measures within the organization.
• Identify IS goals and objectives aligned with organizational business needs and objectives.
• Clearly define the scope and boundaries of the Information Security (IS) program.
• Comprehend and adhere to legal and regulatory requirements related to Information Security.
• Develop comprehensive IS implementation strategies.
• Strategize and establish organization-wide Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 Standard, directives, and other pertinent security standards.
• Establish a risk management framework to guide IS initiatives.
• Define key performance indicators and metrics for measuring the effectiveness of Information Security (IS).
• Obtain top management approval for the Information Security (IS) plan, budget, and resource allocation.

Policy Planning

• Identify Information Security (IS) policies, standards, procedures, guidelines, and processes.
• Establish a formalized process for creating, documenting, reviewing, updating, and implementing security policies.
• Clearly define the Information Security (IS) policy.
• Establish a policy for the classification of information and information assets.
• Take the lead in coordinating the development of organization-specific information security policies, procedures, guidelines, and processes in consultation with various stakeholders, including ELT.
• Obtain approval for Information Security (IS) policies, procedures, guidelines, and processes.

Information Security Management Responsibilities:

• Develop, maintain, and enhance organization wide IS and risk management plans.
• Disseminate and enforce IS policies, procedures, and guidelines.
• Integrate IS procedures with business processes and IT planning.
• Periodically evaluate and enhance the effectiveness of IS measures.
• Issue alerts, conduct risk assessments, and monitor security incidents.
• Manage records of IS incidents, take remedial actions, and report to ELT.
• Ensure compliance with legal and regulatory requirements for IS.
• Raise and maintain information security awareness.
• Evaluate and upgrade training and awareness programs.
• Lead the implementation of Business Continuity Plan (BCP) and conduct mock drills.
• Define and implement change management plans for IS systems and ISMS.
• Ensure compliance with IS by contractors/suppliers.
• Ensure that all storage media, when no longer required, are disposed security and safely as per laid down procedures.
• Ensure safety and security of portable computing devices/storage media when they are taken outside of the organization.
• Ensure all information systems with organization are adequately patched and updated.

Desired Qualifications:

• Bachelors degree in computer science, Information Technology, or related field.
• 10 years of experience in a senior cybersecurity role.
• Relevant industry certifications such as CISSP, CISM, or similar preferred.
• Strong understanding of software development security practices.
• Excellent communication and leadership skills