Chief Information Security Officer

We are looking for a CISO to build our Security culture and ensure that we manage our business in a secure, compliant and resilient way.

Delegate is a growing IT consultancy where strong values and deep expertise form the foundation of both your and our success. We are 100% Microsoft Cloud-based and operate at the forefront of Microsoft’s Cloud platforms, with an exciting portfolio of projects across private and public sectors.

Introducing The Digital Neighborhood

You will join The Digital Neighborhood which is a community of tech companies focused on all things Microsoft AI and Cloud. While proud to be part of a growing network, all our businesses retain the entrepreneurial fire that set them apart in the first place. This independent spirit creates a dynamic and agile workplace, offering any candidate many opportunities to grow and learn.

Within the Nordics, we have a practice that focuses on a combination of consulting and Microsoft based solutions for Project Management and Business Solutions. This pillar currently contains four companies; Delegate, Projectum, Consit and Sulava. The role will not only contribute to Delegate’s security strategy and operations, but also collaborate across our network, including our sister companies Projectum, Consit and Sulava, working together to ensure a high level of cybersecurity across the group.

Our ideal candidate would be collaborative, organized, and detail oriented, eager to help us grow the maturity and impact of the Security and Data Privacy function. The success of this role depends on the candidates ability to build relationships with senior management as well as technical business colleagues.

Job Summary:

The CISO is responsible for leading and managing Security for the Practice. This role requires detailed knowledge of Security and Data Privacy controls and products, and involves identifying risks and proposing technical solutions to mitigate them.

Key Responsibilities:

• Define and Implement the Information Security and Data Privacy strategy for the Practice; including subsidiary companies (labels)
• Risk Management, control assessment, and remediation
• Develop the Security Culture in all labels and teams
• Propose Security Technical Standards, Architecture, and Solutions that meet the risks and needs of the practice
• External reporting of data breaches, regulatory notifications of cyber incidents, and privacy requests in cooperation with case handlers and internal legal teams
• Managing Security in Cloud Hosting solutions (Azure)
• Managing Security in Software Development;

Deliverables:

• Define Policies, Procedures, and Controls to meet Security and Data Privacy regulatory requirements
• Strengthen the Security Culture through awareness initiatives
• Define and implement local minimum technical standards in line with risk
• Facilitate Governance meetings to record risk and compliance decisions
• Facilitate Risk and Control assessments
• Support IT with vulnerability management and remediation initiatives
• Operational management of alert monitoring / incident triage process
• Support with incident management strategy and operational requirements
• Ensure all third party applications are properly managed according to their risks
• Ensure high risk assets are penetration tested according to policy
• Ensure business continuity processes and Crisis Team are in place and trained
• Ensure contracts with suppliers and customers contain essential Security clauses and boundaries of liability are clear
• Facilitate contract reviews to manage liability with suppliers and customers

Experience and Salary Expectations:

This is a subject matter expert role that requires exposure to creating and managing a Security function across multiple companies. He or she will have one direct report at this stage, but will be responsible for managing their operating model with the Practice Lead based on risks and needs.

Minimum of 5 years of experience in CISO, Compliance and/or Security Architect role.

Proven experience with ISO27001 implementation and maintenance.

Experience in hosting meetings, creating presentations, and developing documentation.

Qualifications and Education:

Bachelor’s degree in Information Security, Computer Science, or a related field would be beneficial. A Master's degree is preferred.

ISO27001 Lead Implementer or Lead Auditor certification is highly desirable.

Microsoft certifications in Security and Azure are highly desirable, for example;

• Microsoft Certified: Cybersecurity Architect Expert (SC-100)
• Microsoft Certified: Information Protection Administrator Associate (SC-400)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)

Skills and Personal Attributes:

• Ability to communicate with all levels of the organization, CEO to technical teams.
• Excellent communication and interpersonal skills.
• Ability to create clear and comprehensive documentation.
• Strong analytical and problem-solving skills.
• Ability to work independently and as part of a team.
• Detail-oriented and highly organized.
• Proactive and self-motivated.
• Strong leadership and team management abilities.
• High level of integrity and professionalism.

Curious?

Send your application by clicking 'Apply' on this page and follow the instructions. Please attach your CV and any relevant documents. The position is available as soon as possible, and applications are reviewed on an ongoing basis.