Chief Information Security Officer
Location: New York City
Job ID Number: SFG7018041804
Our client is seeking to hire a CISO. Reporting to our Chief Technology Officer, this position is responsible for establishing and maintaining the company’s information security program to ensure information assets and associated technology, applications, systems infrastructure, and processes are adequately protected in the digital ecosystem. The CISO is responsible for identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets (data, networks, applications, and people), while supporting and advancing business objectives.
The CISO must be knowledgeable about both internal and external business environments, and ensure that governance of information systems is maintained in a fully functional and secure mode.
Specific experience and proven success in leading digital security and governance programs including establishment of strategy and frameworks are required.
- Architect overall strategy and systems for how the company approaches information security, risk assessment, and compliance requirements.
- Lead programs and processes to monitor the emergence of new threats and vulnerabilities, assessing impacts and driving responses as appropriate.
- Ensure that clear and timely business advice is provided to executive management on key information security and assurance issues.
- Establish an information security and risk management functional capability and framework across the organization.
- Lead and coordinate, internally and externally, responses to security incidents, providing timely reports during incidents and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents.
- Create and enhance security policies, standards, processes, and procedures.
- Collaborate with senior business representatives to develop and review new security policies relevant to changing conditions and priorities.
- Establish processes to respond in a timely and proactive manner to significant information security breaches.
- Monitor, manage and deploy security controls as appropriate to support business needs while minimizing risk.
- Oversee the close management and analysis of security information and events.
- Respond appropriately to investigations and forensic requests, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody.
- Ensure that processes are in place and that staff is appropriately skilled to respond to security incidents.
- The ideal candidate will have experience in a global financial services firm or fintech working on a trading platform.
- Experience in, or a strong knowledge base of and passion for learning everything about, blockchain and cryptocurrency.
- Bachelor’s degree in computer science, information systems, computer engineering, electrical engineering, system analysis or related field of study, or equivalent experience.
- Professional security management certification such as CISSP, CCISO, CISM, and/or CISA strongly preferred.
- 10+ years of experience in a combination of risk management, information security, and IT, with 5+ years in a senior leadership role.
- Strong knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
- Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53, and PCI DSS.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Knowledge of business IT ecosystems, SaaS, IaaS, PaaS, cloud computing, SOA, APIs, open data, open systems, microservices, event-driven IT and predictive analytics.
- Exceptional soft and interpersonal skills, including teamwork, facilitation, and negotiation.
- Strong leadership skills.
- Excellent written and verbal communication and presentation skills.
- Excellent planning and organizational skills.
- Comfortable, experienced, and accomplished at working with business executives, and able to push back in a professional and diplomatic way.
- Highly collaborative and supportive of the business and our ideas and strategies.
- Vendor and technology neutral, more interested in business outcomes than in personal preferences or the vested personal preferences of business and IT leaders.
US Citizens and those authorized to work in the US are encouraged to apply. We are currently unable to sponsor any candidates.