Job Description
Position Summary: The Chief Information Security Officer (CISO) is a senior member of the Risk Management leadership team, reporting directly to the Chief Risk Officer. The CISO is responsible for ensuring appropriate controls are in place for the security of information assets and safe guarding information by identifying and assessing reasonably foreseeable threats. The CISO and their team act as the center of competence for security compliance activities and responsibilities.
Duties and Responsibilities: - Establish the enterprise information security strategy and working with Technology and other units to implement this strategy through the InfoSec Program.
- Ensure the organization’s information security program is consistently enforced throughout the company.
- Manage the company’s IT security budget.
- Own, update and communicate/train on info security policies, procedures, guidelines and standards.
- Establish technology & info security risk assessment methods and ensure ongoing review of the program and related controls (using internal tools as well as industry standards – ie FFIEC guidelines, CAT tool, etc)
- Monitor security threats and vulnerabilities to determine the risks they pose to the business, and what countermeasures must be put in place to address them.
- Coordinate with the company’s business partners/vendors to determine adequacy of their information security programs. Also, ensure they are consistent with the company’s policies & risk appetite. As well as to evaluate any potential risks these partners may pose to its information assets.
- Determine what type of training employees & directors require to meet various security requirements.
- Engage in the development of new products and services, ensuring that their design takes technology risks & security into account from the beginning.
- Develop a formal contingency plan that details how the business will continue operating if a disaster wipes out its computer systems.
- Keep abreast of threats and vulnerabilities. To determine what countermeasures can be put in place, and periodically test.
Knowledge, Skills and Abilities Required: - Bachelor’s degree in computer science or related field, master’s degree preferred
- CISA, CISM or CISSP certification (or similar)
- 7+ years of progressive experience in info security and cyber security
- 3+ years leading IT, IT Risk or Info Security teams in a regulated industry
- Significant experience having designed IT Risk/Cyber Security programs and controls
- Experience in assessing & managing risks related to cloud environments, SaaS/BaaS programs and similar higher risk activities
- Ability to communicate security-related concepts to a broad range of technical and non-technical staff. Acting as a bridge between IT and business process owners.
- Strong problem solving and analytical skills
Job Tags