
Chief Information Security Officer

Simplex


Boston, MA
Full Time
Paid
  • Responsibilities

    We have been retained by an enterprise cybersecurity technology client to help them identify a CISO / Chief Information Security Officer to lead their cybersecurity strategy and be the face of the company to customers. 

    The Chief Information Security Officer (CISO) position provides leadership and oversight in the strategic planning, execution, and assessment of all company cybersecurity strategies, policies, procedures, and guiding practices to be implemented.

    The Chief Information Security Officer will manage and continuously modify when necessary a comprehensive information security program to ensure that all information assets are adequately protected against current/future internal and external threats. The security program is based on NIST.  The expectation is that this leader will build on the current framework and bring additional value.  The position is responsible for identifying, directing, coordinating, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements while enabling the company to develop an anticipatory response to minimize information security risk.

    You will lead Corporate Security & Governance, play a key role in leading the product offering, and partner with Business Units to develop secure products. She/he will be responsible for managing programs of large scope, impact, and complexity through all phases of the security lifecycle.  The ideal leader needs to bring a Security First culture to everything, while freeing the good and stopping the bad. She/he also needs to bring a culture of enabling the business to achieve its goals, while protecting the company and managing its risk appropriately. The ideal candidate should be able to develop efficient strategies and tactics to make Security ingrained in the process of the business with appropriate policies and tools, rather than just a governing body.  This is a highly visible role across the executive & board leadership, and the leader will report directly to the CEO.

    The CISO will lead a team of 30-40 professionals. This leader acts as the key liaison and local point of contact for all information security communications and projects and coordinates the necessary alignment of internal staff and other global information systems areas.  The Chief Information Security Officer determines projects and priorities for all information security issues. He/she establishes short and long-term business plans to achieve the security vision defined in the company’s strategic plan.

    The CISO will identify vulnerabilities in information systems, network / systems architecture, network / system design implementations and work with responsible personnel to close or mitigate the vulnerabilities. He/she will direct the action of the Incident Response Team in the event that a security incident occurs. He/she will work closely with IT leadership to manage capacity, performance, and security within a service level agreement framework to assure the overall effectiveness of all IT services. The Chief Information Security Officer will work closely with IT and business leaders to identify and mitigate risks and establish/maintain strategic alignment of technology initiatives, information security and business objectives.

    The CISO will develop the roadmaps, processes, procedures, and actions to be taken in the event of different IT security breaches. The CISO will not only need to develop these plans but is also expected to communicate and educate the Board and internal community on how the IT security organization will manage a security occurrence if one occurs. The CISO is also expected to effectively communicate and teach the company on what is going on in the world of information security and what employees can do to help the IT Security organization both prevent a security breach and easily manage through a security breach if it occurs.

    The CEO and the Board look to the CISO to work collaboratively with IT, Internal Audit, and professional staff to understand the business to effectively assess the current state of IT security, the risks associated with the current state of security, and plans to address current risk and proactively improve IT security.

    Specific Responsibilities Include:

    • Partner with IT, Business Units and Business leaders to execute a cohesive Information Security program which encompasses Strategy, Policy, Guidelines, Process, Operating procedures and a technology roadmap 
    • Establish and lead the appropriate KPI and scorecards to measure and deliver on the effectiveness of the security function.  Identify security protection goals, objectives and metrics consistent with strategic plan and priorities.
    • Collaborate with peers on IT Leadership team to influence IT Strategic direction, and to shape solution delivery to protect company assets: people, data, systems, and intellectual property.
    • Lead the Data & Insider Threat Program partnering with the key stakeholders like Legal, HR, Finance, and other functional areas
    • Collaborate with Chief Privacy Officer to protect data subject to data privacy regulations. Ensures that international, national and local Information Security and Privacy regulations are being followed.
    • Lead a secure supply chain program to ensure the vulnerabilities and threats are managed appropriately inside and outside the company
    • Deep partnership with Product, Engineering, Sales & Marketing
    • Partner with Product Management, CTO and R&D to execute the internal program as a Lighthouse customer and Customer Zero
    • Partner with Sales & Marketing to be the reference customer and industry engagements on thought leadership
    • Provide leadership and management to the IT Security & Governance Team, and 3rd parties providing IT Security services
    • Ensure that the Company is compliant with global legislation and anticipate potential legislation at federal and state level to develop proactive responses
    • The CISO is responsible for leading the CloudTrust program for the Product Cloud, partnering with R&D, Product and the CTO org.  The CISO is also responsible for leading various certifications & accreditations for FP cloud, which include:  ISO, CSTAR, SOC 2, FedRAMP, ITAR, etc.
    • Plan for incident-specific responses as well as disaster recovery planning
    • Serve as the company champion to promote information security disciplines in new information security technologies that ensure the state-of-the-art approaches are being used
    • Develop effective IT security plans that integrate into all stages of the system lifecycle
    • As Security Practitioner, this leader serves as the media relations liaison as it relates to cybersecurity operations and activities
    • As the cybersecurity leader, he/she will establish and enforce processes to ensure that all users receive appropriate information security training to perform duties along with periodic information security awareness training
    • Ensuring continuous monitoring and tracking of all company systems against potential threats including hackers, software flaws, viruses, spyware, phishing and self-adaptive or mutating computer threats
    • Developing effective communications systems to quickly disseminate information and solutions to manage potential threats and mitigate risk
    • Knowledge of industry trends and current and emerging risks
    • Proactively engage with the broader Information Security community and proactively lead IT Security team to address technology shifts and threats on the horizon
    • Mentor, develop, and grow next generation IT Security leadership

    Requirements:

    • 15+ years’ experience in Information Security in enterprise global environments
    • Held the CISO role / title. 
    • Experience with SaaS transformation and pre-IPO scaling challenges
    • Certification as a Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or Certified Information Security Manager (CISM)
    • Experience with IT security standards or frameworks such as ISO 270xx, and NIST 800 series
    • Experience managing team size of 30-40 people
    • Demonstrated experience managing threat response
    • Proven experience conceiving and delivering innovative solutions leveraging technology and information
    • Senior executive presence, comfortable presenting and collaborating with Executive Leaders and Board, as a Business Advisor
    • CISO will work closely with executive leadership and partner with the CHRO, General Counsel and Data Privacy Officer
    • Experience and comprehensive knowledge of Information Systems, Financials, Contract Management, ITIL, and business processes
    • Ability to successfully manage and execute multiple, large scale projects using established project management tools and processes
    • Excellent written and verbal interpersonal skills including crafting vision and strategy and demonstrated ability to condense data in order to synthesize crisp and easily understandable deliverables
    • Demonstrated track record of building and maintaining highly collaborative, flexible, and productive cross-organization teams
    • Ability to seek innovative solutions to obstacles
    • Ability to lead process improvement
    • Knowledge of systems implementations, SDLC, change control
    • Knowledge of information security policies, procedures, and practices
    • Knowledge of disaster recovery processes

     


    If interested please apply or contact Johnny Chang directly at jchang at simplexhires.com. This is a confidential search but we will be happy to discuss further details with qualified candidates.