Address
Form of workJob Description
HYBRID – Chief Information Security Officer
Location; Buena Park, CA
JOB DESCRIPTION
Chief Information Security Officer (CISO) will be a critical player in driving the execution of the global Information Security strategy to ensure cyber security risks are well understood and appropriately addressed. Partnering with leadership teams in Australasia and North America, the IT teams for three divisions and other key stakeholders, the successful candidate will be a proven Information Security executive with experience leading in a stand-alone company or a division as the senior Information Security leader. They will have the ability to provide strategic direction, determine priorities based on key risk criteria and measure the effectiveness of our programs. They will also have a practical and pragmatic business sense and a proven track record as a strategic advisor and trusted business partner.
Responsible for governance and project management working closely with Regional IT functions who in turn are accountable for the day-to-day execution of activities under the framework and guidance provided by CISO.
- Information Security Strategy:
- Develop, implement, and maintain a global Information Security strategy and roadmap.
- Develop and establish an Information Security program, ensuring compliance with relevant regulations such as Privacy (GDPR) and standard methodologies / framework like NIST.
- Incorporate periodic external threat environment reviews into the security strategy and roadmap.
- Program Leadership:
- Provide expert advice to executive leadership and board on Information Security risk assessment and mitigation activities.
- Collaborate with senior business leaders and departments to advise on risks, mitigations, and incident response.
- Collaborate with the regional IT teams on development and implementation of Information Security program (policy, procedures, projects, and audits).
- Policy, Compliance, and Audit:
- Lead the development and implementation of effective Information Security policies and procedures.
- Evaluate effectiveness of and compliance with Information Security programs and procedures
- Develop continuous improvement programs to improve Information Security such as vulnerability management, patch management and DR recovery.
- Risk Management and Incident Response:
- Define Information Security risk assessment methodology and metrics
- Proactively monitor and evaluate risk exposure and mitigation
- Identify and investigate security breaches, working with key business partners and executive leadership, and provide remediation and resolution.
- Education / Training:
- Develop and maintain a strong Information Security awareness program.
- Perform regular sessions (internal and external) to test and improve compliance to Information Security policies and procedures.
QUALIFICATIONS
- Bachelor's degree in Business Administration, Computer Science, Information Technology, Engineering, or equivalent professional experience.
- CISSP, CRISC, CISA, or similar industry certification
- 3 years' experience as a CISO or equivalent position for medium size, global organizations
- 15 years' progressive experience in Information Security management, information management, information systems and / or risk management
- Experience in driving change in security functions within multiple organizations.
- Experience working with IT security guidelines and requirements outlined or as driven by GDPR, PCI-DSS, FedRAMP, SOX, and GBLA.
- Experience with contract and vendor negotiations.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
