Chief Information Security Officer
Chief Information Security Officer
Posted on :
21-11-2024
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Chief Information Security Officer
Location: Columbia MD
Duration: 12 months extendable.
Location: Columbia MD
Duration: 12 months extendable.
Visa: Visa independent candidates only.
Locals to Columbia MD are needed.
Job Description:
The candidate must possess at least 10 years of experience in
IT securityrelated roles such as security analyst network administrator or
similar positions.
Leadership: The Contractor must possess experience in management or
leadership roles as CISOs need to lead teams and make strategic decisions.
IT securityrelated roles such as security analyst network administrator or
similar positions.
Leadership: The Contractor must possess experience in management or
leadership roles as CISOs need to lead teams and make strategic decisions.
Perform a detailed cyber risk assessment that includes the following but not limited to:
Identifying estimating and prioritizing information cyber security risks ;
Examining HCCs current technology security controls policies and procedures to
assess potential threats or attacks; and
Evaluating HCCs threat landscape vulnerabilities and cyber gaps that pose a risk to
its assets.
B. Act as HCCs Qualified Individual (QI) to present quarterly reports to HCC Board of
Trustees and leadership as required and specified by GLBA.
C. Develop an information security program using a framework such as National Institute of
Standards and Technology (NIST) 80053 Center of Internet Security (CIS) Critical
Security Controls or CIS Implementation Group 1 (IG1) that protects HCC in accordance
with GLBA security requirements.
D. Provide information security leadership communication investigation mitigation
containment and postincident analysis in the event of a cyber incident.
E. Update and enhance existing cybersecurity policies and procedures as required by GLBA.
The policies include but not limited to:
1. Vulnerability management
2. Data management
3. Incidence response
4. Software management
5. Hardware asset management
F. Provide guidance when analyzing realtime threat analysis identified by HCCs security
operations center.
Identifying estimating and prioritizing information cyber security risks ;
Examining HCCs current technology security controls policies and procedures to
assess potential threats or attacks; and
Evaluating HCCs threat landscape vulnerabilities and cyber gaps that pose a risk to
its assets.
B. Act as HCCs Qualified Individual (QI) to present quarterly reports to HCC Board of
Trustees and leadership as required and specified by GLBA.
C. Develop an information security program using a framework such as National Institute of
Standards and Technology (NIST) 80053 Center of Internet Security (CIS) Critical
Security Controls or CIS Implementation Group 1 (IG1) that protects HCC in accordance
with GLBA security requirements.
D. Provide information security leadership communication investigation mitigation
containment and postincident analysis in the event of a cyber incident.
E. Update and enhance existing cybersecurity policies and procedures as required by GLBA.
The policies include but not limited to:
1. Vulnerability management
2. Data management
3. Incidence response
4. Software management
5. Hardware asset management
F. Provide guidance when analyzing realtime threat analysis identified by HCCs security
operations center.
G. Perform thirdparty and partner evaluations Higher Education Community Vendor
Assessment Toolkit (HECVAT).
H. Develop and implement the strategy to conduct regular security audits and assessments to
identify vulnerabilities and ensure compliance with security policies.
I. Write a clear and concise incident response plan that meets industry standards.
J. Participate in meetings as needed. (i.e. weekly monthly quarterly ad hoc etc). Under
normal circumstances inperson meetings are not required. In the event of an incident or
breach an inperson meeting may be required.
Assessment Toolkit (HECVAT).
H. Develop and implement the strategy to conduct regular security audits and assessments to
identify vulnerabilities and ensure compliance with security policies.
I. Write a clear and concise incident response plan that meets industry standards.
J. Participate in meetings as needed. (i.e. weekly monthly quarterly ad hoc etc). Under
normal circumstances inperson meetings are not required. In the event of an incident or
breach an inperson meeting may be required.
Preferred certifications:
. Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
. Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Employment Type
Full Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
