The Chief Information Security Officer (CISO) at the company is responsible for the development and delivery of a comprehensive information and data security strategy. The CISO will establish strategic and tactical objectives, along with the operating policies and procedures necessary to establish global Information Security practices; establish and coordinate responsibilities and project assignments for direct reports and cross-functional teams; and lead a team of Information Security specialists while interacting with all functions of Product Development and internal IT to assure compliance and adherence to policies and practices.
We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. We encourage you to apply for a position with FWI even if you don’t meet 100% of the requirements. We believe in fostering an environment where there is a diversity of perspectives, in hopes that we can all thrive.
- Cyber risk and cyber intelligence: Keep abreast of developing security threats, and provide guidance and counsel to the senior leadership team. Develop organization-wide standards and practices for security problems that might arise from customer contracts, acquisitions, or other business initiatives.
- Security operations: Real-time analysis of threats
- Investigations and forensics: Determine what went wrong in a breach, and plan to avoid repeats of the same crisis.
- Governance: Manage organization-wide information security governance processes. Lead efforts to internally assess, evaluate and make recommendations regarding the adequacy of security controls. Coordinate and track all information technology and security-related audits, including audit scope, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provide guidance, evaluation, and advocacy on audit responses.
- Security architecture: Establish annual and long-range security and compliance goals; define security strategies, metrics, reporting mechanisms and program services.
- Program management: Stay ahead of security needs by implementing programs or projects that mitigate risks, and maintain a roadmap for continual improvement. Stay abreast of information security issues and regulatory changes at the global level.
- Identity and access management: Ensure that only authorized people have access to restricted data and systems. Lead the development and implementation of effective policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Data loss and fraud prevention: Develop and implement a strategy for the increasing number of audits, compliance checks and external assessment processes for internal/external auditors (PCI, PII, HIPAA, etc.).
- Bachelor's Degree in Computer Science, Information Technology, Information Systems, Engineering, or related field.
- Ability to attain a professional certification/accreditation such as CISSP and/or CISM certification in 12 to 18 months of hire.
- 10+ years in Information Technology roles with progressive management and technical responsibilities.
- 7+ years of related management experience, including people management and project/program management.
- 5+ years of experience in the architecture, design, and implementation of network security solutions in a multi-tiered web-based environment with legacy systems.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
- Up-to-date knowledge of information security methodologies and trends in both business and IT.
- Exceptional project management experience with large multi-faceted projects (budget, staff, complexity).
- Experience building high performance teams by promoting values, ideas and achieving consensus as well as coaching and mentoring skills.
- Excellent interpersonal and communication skills.
- Proven ability to work effectively with all levels of the organization.
- Very strong technical expertise in the areas of information security architecture, tools, firewalls, intrusion detection and remediation, and proxies.
- Demonstrated experience implementing PCI DSS 3.0 or higher and governing adherence to it.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.