Director - Chief Information Security Officer (10-17 yrs)

Summary:

We are seeking a highly experienced and strategic Chief Information Security Officer (CISO) - Senior Director to lead our information security program. The successful candidate will be responsible for ensuring the security of our digital assets, managing cyber risks, and maintaining compliance with industry regulations. The CISO will collaborate with other senior leaders to align security initiatives with business objectives and drive the organization's security posture to the next level.

Roles and responsibilities:

Strategic Leadership:

- Develop and implement a comprehensive information security strategy aligned with business goals.

- Lead the Information Security team, fostering a culture of security awareness across the organization

- Serve as a key advisor to the executive team on security matters.

Risk Management:

- Identify, assess, and prioritize security risks, and develop mitigation plans.

- Oversee security risk assessments, vulnerability management, and incident response activities.

- Implement and manage a robust security governance framework

Policy and Compliance:

- Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, ISO 27001).

- Develop, implement, and enforce security policies, procedures, and standards.

- Conduct regular security audits and assessments to ensure ongoing compliance

Incident Response:

- Lead the organization's response to security incidents and breaches, including investigation, containment, and remediation.

- Develop and maintain an incident response plan and conduct regular drills.

Data Protection and Privacy:

- Oversee Information and data protection and privacy for tools and products

- Ensure that data protection practices comply with relevant laws and regulations and align with the organization's security strategy

Security Architecture:

- Design and oversee the implementation of secure infrastructure and architecture.

- Ensure the integration of security controls in system and application development processes.

Training and Awareness:

- Develop and implement security awareness programs for employees and stakeholders.

- Provide training and guidance on security best practices and emerging threats.

Collaboration and Communication:

- Work closely with IT, legal, compliance, and other departments to integrate security into all aspects of the business.

- Communicate security initiatives, risks, and status updates to the executive team and board of directors.