The Chief Information Security Officer (CISO) leads the security function for Logicworks; the role includes responsibility for overall security strategy, internal and client environment security architecture development, and oversight of the global security function. As the company’s senior security employee, this role is highly client-facing and also has internal responsibility for all data/information security policies, standards, evaluations, roles, and corporate awareness. The ideal candidate will have strong technical skills along with strong communication skills at all levels.
The Chief Information Security Officer (CISO) will oversee and coordinate security efforts across the company. This position will be prospect- and client-facing in addition to being responsible for Logicworks’ security functions. The CISO will be able to present Logicworks’ services and its own security and compliance practices in light of enabling our clients’ security and compliance goals. The CISO must be able to develop and implement flexible but repeatable security solutions, dictated by the needs of rapidly evolving client environments and internal corporate requirements, and inform the development of security-related services.
What would you be doing in this role?
- Set the strategic direction and planning for Information Security, including annual and long term security and compliance goals.
- Manage the overall security strategy and establish engineering and company-wide standards and controls, including directing updates or creation of related policies, procedures, programs, and guidelines to ensure company-wide information security and assurance.
- Create a roadmap for continuous program improvements with defined metrics and reporting mechanisms.
- Provide regular briefings to the executive team on status and risks.
- Assist the sales team to present Logicworks’ service and product capabilities in light of prospects’ security and compliance requirements; travel may be required.
- Work directly with the client services team, information security manager, and clients to answer security- and compliance-related questions and develop internal resources for frequently asked questions.
- Oversee incident response planning and exercises, the investigation of security breaches, and the review of investigations after breaches or incidents, including impact analysis and recommendations.
- Assist with disciplinary and legal matters associated with security and compliance, as necessary.
- Lead technical risk assessments for new and existing products and services and for corporate infrastructure.
- Oversee the continued development of a corporate security awareness and training program to ensure that cyber security policies and procedures and best practices are communicated to all personnel and that compliance is enforced.
- Translate corporate and client requirements related to security and regulatory compliance to current and future capabilities, products, and projects.
- Take ownership of key partnerships with third-party security service and technology product vendors and partners.
- Evaluate security service and product vendors against industry standard practices.
- Work with outside consultants to complete independent industry standard information security certifications.
- Ensure compliance with the changing laws and applicable regulations.
- Directly manage the establishment and growth of a security-focused team.
Here's What We Are Looking For:
Five to ten years of experience managing an Information Technology Security program, with demonstrated expertise and experience writing, maintaining, or contributing to information security policies, including oversight responsibilities within a complex service provider environment or in a professional consulting services capacity. Three to five years of experience in a highly regulated environment, such as a HIPAA-, PCI-, SOX-, or FISMA-compliant environment.
A Bachelor of Arts or a Bachelor of Science degree in IT management, computer science, or a related field. A combination of professional-level security experience and specialized training may be considered an acceptable educational equivalent. At least one of the following: CISSP, CISM, GSLC, or equivalent.
An Ideal Candidate Will Have These Desired Qualifications:
- Ability to communicate effectively to internal and client executive and technical stakeholders
- In-depth and applied knowledge of industry standard frameworks and guidance from NIST, ISO, SANS, etc.
- Demonstrated experience in conducting, managing, or overseeing security audits
- Deep understanding and hands-on application of cloud-based services (AWS is preferred)
- Must be an intelligent, articulate, and persuasive leader who can serve as an effective member of the management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff
- High level of analytical and problem-solving abilities
- Ability to conduct research into security issues and products as required
- Strong understanding of the organization's goals and objectives