What are the responsibilities and job description for the Chief Information Security Officer position at Clevelcrossing?
Location
If you are considering sending an application, make sure to hit the apply button below after reading through the entire description.
New York City, NY, United States
Posted on
May 01, 2020
Profile
The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected in the digital ecosystem in which we operate. The CISO is responsible for identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets while supporting and advancing business objectives.
The CISO will be a visionary leader comfortable with an agile, fast-moving workplace with a working knowledge of cybersecurity technologies covering the global enterprise network as well as the broader digital ecosystem. The CISO will work with business and IT leaders to define, publish, and govern policies and standards for information risk and security. He or she will also understand IT and implement, oversee, and run cybersecurity, risk management, policies, disaster recovery / business continuity programs, identity and access management, and compliance activities related to IT to ensure the achievement of business outcomes.
The CISO must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory, and contractual obligations. He or she should be well aware of the operational compliance and regulatory requirements applicable to the firm including ISO 27002, NIST, NAIC, state regulations, etc.
Responsibilities :
- Establish governance : Work with PMO to ensure that information security requirements and checkpoints are included in projects. Work with procurement and vendor management to ensure information security requirements are included in contracts. Work with architecture to ensure security requirements are included in architectures and designs.
- Establish and manage an information security awareness training program for the enterprise.
- Lead the daily operation of the IT security function. Manage the staff and budgets associated.
- Develop and maintain an information security vision and strategy aligned to organizational priorities and relevant regulatory inputs; drive projects that implement and further the strategy or respond to regulatory needs. Ensure the implementation of up-to-date practices and technologies to minimize the risk of cyber-attacks, data loss, reputational impacts, etc.
- Develop and maintain an up-to-date security management framework based upon a standard framework in the industry. Develop and maintain a document repository of security policies, standards, and guidelines, overseeing the approval, publication, and governance of the same.
- Facilitate a metrics and reporting framework to measure the effectiveness of the IT security program, including assessing threats, gaps, and other risks. Report to the board and senior leadership.
- Develop, maintain, and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals. Ensure adequate testing of these programs takes place periodically.
- Overseeing the execution of security audits, risk assessments, penetration tests, red / blue exercises, DR / BCP tests, vulnerability assessments, and continuous improvement programs.
- Implement and oversee security monitoring and threat assessment programs.
- Participate in M&A activities in order to evaluate IT risk & security at companies targeted for acquisition.
- Develop processes to handle security incidents and trigger investigations; oversee investigation of security breaches and participate in reporting of same.
Required :
J-18808-Ljbffr
