Responsibilities:
Establish and maintain the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which we operate. This includes owning all standards, policies, and procedures that help protect the organization’s assets. Responsible for identifying, evaluating, and reporting on IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. Responsible for recovery/building operational resilience driving readiness to minimize operational disruption and ensuring business continuity in the event of a cybersecurity incident.
Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support, and in-house consulting in these areas. This includes providing leadership to the business functions to develop business contingency plans in the event of a systems outage. Lead the Incident Response team during any cyber incident. Visionary leadership with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem.
Proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. Understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of the business outcomes where the business process is dependent on technology. Drive the implementation and management of the enterprise information security program. Understand and articulate the impact of the cybersecurity of (digital) business and be able to communicate this risk and the Organization’s current cybersecurity threat prevention status to the board of directors and other senior stakeholders. Understands that securing information assets and associated technology, applications, systems, and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization’s perimeter.
A key element of the CISO’s role is working with the executive management to determine acceptable levels of risk for the organization. Knowledge about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal.
Requirements and Qualifications
Minimum of seven (7) to ten (10) years of experience in a combination of risk management, information security, and IT or OT jobs (at least five (5) years must be in a senior leadership role). Degree in Business Administration or a technology-related field, or equivalent work- or education-related experiences required. Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials. Knowledge of common security management frameworks, such as ISO/IEC 27001, ITIL, and COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework. Must have a proven track record and experience in developing information security policies and procedures as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment. Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act and Data Privacy Regulations.
Professional Skills Required:
Must have excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists. Must be a strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization. Must have poise and possess the ability to act calmly and competently in high-pressure high-stress situations.
Must be a circle thinker, with strong influence and problem-solving skills. Must have excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding dynamic environment and meet overall objectives. Ability to lead and motivate the information security team to achieve tactical and strategical goals, even when only “dotted line” reporting lines to exist. Must have the ability to influence entities and decisions where no formal reporting structure exists but achieving the desired outcome is vital.
Excellent stakeholder management skills are required. A high level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity, is required. Must have a high degree of initiative, dependability, and the ability to work with little supervision while being resilient to change.
Compensation: Lucrative/Competitive executive package based on qualifications that include bonus plan, full employer health benefits, full employer-paid relocation, and more.
Start Date: ASAP.
TO APPLY
Please forward resume and compensation requirements to:
Pailin Group Professional Search Consultants
Global retained executive search, worldwide
Amanda Sonus - Senior Consultant
pailingroup.com