Qureos

Chief Information Security Officer (CISO)

Position Overview: The Chief Information Security Officer (CISO) is a senior executive responsible for establishing and maintaining the organization's vision, strategy, and program to ensure that information assets, technologies, and data are adequately protected. The CISO will lead efforts to identify, evaluate, and mitigate risks to the organization, implement robust security strategies, and oversee the continuous improvement of a secure enterprise environment. The CISO will also actively monitor and intervene whenever necessary to mitigate security problems that may arise, ensuring prompt and effective response to any security incidents.

Key Responsibilities:

Strategic Leadership:

  • Develop, implement, and monitor a comprehensive enterprise information security and risk management program.
  • Align the security program with business objectives, ensuring compliance with industry regulations and standards.
  • Advocate for security awareness across the organization.

Risk Management:

  • Conduct regular risk assessments to identify potential threats and vulnerabilities.
  • Develop and maintain risk treatment plans to mitigate or eliminate risks to acceptable levels.
  • Oversee incident response planning and disaster recovery strategies.
  • Actively monitor the enterprise environment for security issues and intervene directly as needed to address emerging threats or incidents.

Policy and Compliance:

  • Establish and enforce security policies, procedures, and standards.
  • Ensure compliance with applicable laws, regulations, and industry frameworks (e.g., GDPR, ISO 27001, HIPAA, NIST).
  • Act as the primary point of contact for audits and security-related inquiries.

Technology Oversight:

  • Evaluate, acquire, and implement security solutions and technologies.
  • Ensure the secure design, architecture, and deployment of IT systems and applications.
  • Manage the organization's Security Operations Center (SOC), if applicable.

In the absence of a dedicated security team, the CISO is expected to work hands-on to implement, manage, and monitor technical security controls, enforce access management policies, and directly respond to security incidents across systems and networks.

Collaboration and Communication:

  • Work with stakeholders across departments to integrate security into business operations.
  • Provide regular reporting on security metrics, incidents, and progress to the executive team and board of directors.
  • Engage with external partners, vendors, and consultants for security solutions and best practices.

Team Management:

  • Build and lead a high-performing information security team.
  • Provide training, mentorship, and career development for security personnel.
  • Foster a culture of accountability and continuous improvement within the security team.

Key Performance Indicators (KPIs):

  • Reduction in security incidents and breaches.
  • Compliance with regulatory requirements and audits.
  • Implementation of security strategies within defined timelines.
  • Security awareness levels among employees.
  • Incident response and recovery times.

Job Type: Full-time
