Job Description
CISO – Contract, Interim, Consultant, Massachusetts, May Start
Our global client requires an interim CISO to join the firm and design the North America information security roadmap. The role will join an expanding security division and take full ownership of information security strategy, policies and execution within this global firm’s IT estate.
The Chief Information Security Officer will shape the overall security strategy of this global organisation and be comfortable reporting to board-level directors as well as working closely 'on the ground' with security-focused SMEs. You will work with teams spanning various countries and ideally have exposure to the global FS sector.
This is a key role and the duration of the contract will be 6 months with possible extensions. The role could end up being a long-term interim position. It involves working for a large and growing firm and requires first-class technical experience combined with strong business knowledge.
Main responsibilities:
Maintain an excellent understanding of the information security industry, including architecture, incident management and technical analysis of threats, and be able to demonstrate information security expertise at senior level, including being able to present information concisely and to clearly identify key issues to senior stakeholders
Develop and revise (existing) information security policies, guidelines, standards and concepts
Responsible for leading the effort in security across the organisation, including thought-leadership and direction to senior stakeholders.
Ensuring that the information security strategy remains aligned to combat the ever-changing threat landscape.
Lead the organisation's response to information security incidents, ensuring prompt handling and investigation of all incidents.
Promote a culture of information security and awareness.
Implement information security strategy, policies, shared security services and action plans, as required to deliver the information security strategy.
Pro-actively identifies emerging vulnerabilities, evaluates the associated risks and threats and provides countermeasures where necessary, including revising configuration standards and operational procedures.
Monitors the development within application security and ensures that the development processes are consistent with standard industry practices, such as OWASP and WASC.
Support the development and implementation of the global ISMS
Manage and assist in security monitoring and the continuous improvement of the organisation's information systems, including the performance of risk assessments and business impact analysis
Advise business departments and IT on information security relevant issues of regional projects in IoT and eCommerce
Implementation and oversight of information security education, awareness measures and training for the region.
Requirements:
10+ years' experience working in IT security and/or risk, with the last 5+ in leadership roles
Professional security management certifications (CISSP, CISM, CISA, etc)
Ability to manage multiple projects spanning a range of geographic, international locations
Strong regulatory knowledge around security and ideally financial services
Strong knowledge of all security frameworks (ISO/IEC 27001, ITIL, COBIT, etc.)
Very strong background communicating IT security issues and risk to non-technical audiences
Ideally FS/Banking/Insurance experience
Willingness to travel
Successful candidates will have the ability to work autonomously and be able to bridge the gap between deep technical knowledge and information security initiatives across the company in order to influence strategy and application security. If you are interested in the opportunity, please respond via this advertisement or email Jordan Fitzpatrick on jtf@barclaysimpson.com.