CISO Professional

Job Description

- We are seeking a skilled and experienced professional to join our dynamic team as the Chief Information Security Officer (CISO)
- As a mid-sized software company, we are looking for a candidate who can lead our information security efforts with a focus on safeguarding our digital assets, ensuring compliance with relevant regulations, and implementing robust cybersecurity measures
- This position is intended for a mid-level candidate with a focus on practical implementation and management of cybersecurity measures
- The role is designed for a hands-on leader who can effectively navigate the unique challenges of a mid-sized software company
- Conduct periodic assessments to evaluate and enhance the effectiveness of the Information Security Management System (ISMS).
- Ensure compliance with legal and regulatory requirements pertaining to Information Security (IS) through thorough evaluations.
- Assess adherence to organizational Information Security (IS) policies, procedures, standards, guidelines, and directives, providing guidance to the Executive Leadership Team (ELT).
- Conduct Information Security (IS) audits at least annually or following significant changes in IT systems/Infrastructure.
- Generate comprehensive IS audit reports inclusive of recommendations to enhance Information Security (IS).
- Seek senior management approval for IS audit reports before dissemination.
- Periodically share approved audit reports with the Executive Leadership Team (ELT).
- Lead customer facing reviews and Audits.

Desired Skills :

Strategic Planning

- Secure endorsement and guidance from top management to facilitate the implementation of Information Security (IS) measures within the organization.
- Identify IS goals and objectives aligned with organizational business needs and objectives.
- Clearly define the scope and boundaries of the Information Security (IS) program.
- Comprehend and adhere to legal and regulatory requirements related to Information Security.
- Develop comprehensive IS implementation strategies.
- Strategize and establish organization-wide Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 Standard, directives, and other pertinent security standards.
- Establish a risk management framework to guide IS initiatives.
- Define key performance indicators and metrics for measuring the effectiveness of Information Security (IS).
- Obtain top management approval for the Information Security (IS) plan, budget, and resource allocation.

Policy Planning

- Identify Information Security (IS) policies, standards, procedures, guidelines, and processes.
- Establish a formalized process for creating, documenting, reviewing, updating, and implementing security policies.
- Clearly define the Information Security (IS) policy.
- Establish a policy for the classification of information and information assets.
- Take the lead in coordinating the development of organization-specific information security policies, procedures, guidelines, and processes in consultation with various stakeholders, including ELT.
- Obtain approval for Information Security (IS) policies, procedures, guidelines, and processes.

Information Security Management Responsibilities:

- Develop, maintain, and enhance organization wide IS and risk management plans.
- Disseminate and enforce IS policies, procedures, and guidelines.
- Integrate IS procedures with business processes and IT planning.
- Periodically evaluate and enhance the effectiveness of IS measures.
- Issue alerts, conduct risk assessments, and monitor security incidents.
- Manage records of IS incidents, take remedial actions, and report to ELT.
- Ensure compliance with legal and regulatory requirements for IS.
- Raise and maintain information security awareness.
- Evaluate and upgrade training and awareness programs.
- Lead the implementation of Business Continuity Plan (BCP) and conduct mock drills.
- Define and implement change management plans for IS systems and ISMS.
- Ensure compliance with IS by contractors/suppliers.
- Ensure that all storage media, when no longer required, are disposed security and safely as per laid down procedures.
- Ensure safety and security of portable computing devices/storage media when they are taken outside of the organization.
- Ensure all information systems with organization are adequately patched and updated.

Desired Qualifications:

- Bachelors degree in computer science, Information Technology, or related field.
- 10 years of experience in a senior cybersecurity role.
- Relevant industry certifications such as CISSP, CISM, or similar preferred.
- Strong understanding of software development security practices.
- Excellent communication and leadership skills