Chief Information Security Officer CISO

• Strategy and Planning:
  
• Develop implement and monitor a strategic comprehensive enterprise information security and IT risk management program.
  
• Work directly with the business units to facilitate risk assessment and risk management processes.
  
• Develop and enhance an information security management framework.
  
• Leadership and Management:
  
• Lead the information security function across the company to ensure consistent and highquality information security management.
  
• Manage the information security team including hiring training staff development and performance management.
  
• Provide strategic risk guidance for IT projects including the evaluation and recommendation of technical controls.
  
• Policy Compliance and Governance:
  
• Develop and implement policies and procedures to ensure that personnel and systems comply with federal state and local regulatory requirements and best practices.
  
• Oversee the continuous monitoring and protection of information systems data and infrastructure.
  
• Ensure compliance with the changing laws and applicable regulations.
  
• Incident Management and Response:
  
• Establish a process for incident management and response to cyber incidents.
  
• Coordinate and oversee security investigations and incident response activities.
  
• Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.
  
• Risk Management and Mitigation:
  
• Identify and assess risks to information assets and develop appropriate mitigation strategies.
  
• Ensure that the disaster recovery and business continuity plans drive disaster recovery strategy and procedures.
  
• Manage security vulnerabilities and develop and implement remediation plans.
  
• Security Architecture and Engineering:
  
• Develop security architecture and integrate security into the design of the firms technology and business processes.
  
• Ensure the design of security architecture is aligned with business goals and objectives.
  
• Oversee security operations and engineering for the protection of data systems and networks.
  
• Awareness and Training:
  
• Develop and deliver a comprehensive information security awareness and training program.
  
• Educate the workforce on information security best practices and policies.
  
• Promote security awareness across the organization.
  

Requirements

• Bachelor s degree in Computer Science Information Technology Cybersecurity or a related field; Master s degree or relevant certifications (CISSP CISM CISA etc.) preferred.
  
• 8y work experience in information security with 5y in a senior leadership role within the financial services industry.
  
• Strong knowledge of information security management frameworks (e.g. ISO/IEC 27001 NIST etc.).
  
• Experience with risk management vulnerability assessments and security audits.
  
• Proficiency in security architecture engineering and operations.
  
• Excellent leadership communication and team management skills.
  
• Strong problemsolving and decisionmaking abilities.