Deputy Chief Information Security Officer
Nassau
- Hartford, CT
- Permanent
- Full-time
- Strategic Leadership: Assist the CISO in developing and maintaining a company-wide information security strategy and program to combat information security threats.
- Policy & Compliance: Ensure organization-wide adherence to information security policies, standards, and regulations. Prepare for and lead internal audits and assist with external audits.
- Security Awareness: Lead security awareness training initiatives to ensure staff understands and adheres to critical security policies.
- Incident Response: Oversee and participate in the incident response team. Ensure rapid and effective response to security incidents.
- Risk Management: Assist in evaluating potential security risks and develop strategies and measures to manage and mitigate them.
- Vendor Relationships: Engage with vendors to understand the security features and shortcomings of their products and services.
- Program Management: Oversee security projects, ensuring that milestones are met and are in line with security standards.
- Reporting: Provide regular reporting on the status of the information security program to senior business leaders and the board of directors.
- Oversee IT Security Governance, Risk and Compliance: review approved use of compensating controls, approve exceptions, and work with internal and external auditors.
- Supervise department staff: Assign personnel to projects and direct their activities, ensuring time is utilized effectively. Coach and mentor staff. Understand departmental objectives and direct staff in accordance with them. Ensure development of staff for proper succession planning. Administer the performance review process for the department. When required, establish job requirements, interview candidates, determine appropriate salary and title, and make the final hiring recommendation. Monitor the attendance of the department staff. Address performance problems when required. Plan and monitor staff development to meet the department objectives.
- Monitor and control expenses for cybersecurity and related IT technology effectively. Other duties as assigned.
- Bachelor's degree or equivalent experience with 10+ years of experience in IT, with 8+ years in Information Systems roles, and a minimum of 5 years in leadership positions.
- Security management certification; Certified Information Systems Security Professional (CISSP), and Security Manager or Auditor (CISM/CISA)
- Strong background in Information Security (“IS”): physical, environmental, telecommunications and network, and software development
- Experience leading IS operations in the areas of emerging threat: identification, response, and innovative mitigation strategies
- Knowledge and understanding of relevant legal and regulatory requirements, including SOC reports
- Knowledge of security operations, architecture and design, access control, cryptography, and business continuity and disaster recovery
- Ability to communicate clearly and effectively with C-Suite leadership and the Board of Directors, and to craft and present information to leaders in a concise and informative manner
- Internally motivated; high initiative, dependability, and ability to work with limited supervision with exceptional quality and diligence
- People skills: communication, decision making, guiding and motivating, forming partnerships to drive Cybersecurity and IT security strategy forward