Description

Job Responsibilities

We are seeking a skilled and experienced professional to join our dynamic team as the Chief Information Security Officer (CISO). As a mid-sized software company, we are looking for a candidate who can lead our information security efforts with a focus on safeguarding our digital assets, ensuring compliance with relevant regulations, and implementing robust cybersecurity measures. This position is intended for a mid-level candidate with a focus on practical implementation and management of cybersecurity measures. The role is designed for a hands-on leader who can effectively navigate the unique challenges of a mid-sized software company.

Conduct periodic assessments to evaluate and enhance the effectiveness of the Information Security Management System (ISMS).
Ensure compliance with legal and regulatory requirements pertaining to Information Security (IS) through thorough evaluations.
Assess adherence to organizational Information Security (IS) policies, procedures, standards, guidelines, and directives, providing guidance to the Executive Leadership Team (ELT).
Conduct Information Security (IS) audits at least annually or following significant changes in IT systems/infrastructure.
Generate comprehensive IS audit reports inclusive of recommendations to enhance Information Security (IS).
Seek senior management approval for IS audit reports before dissemination.
Periodically share approved audit reports with the Executive Leadership Team (ELT).
Lead customer-facing reviews and audits.
Desired Skills:

Strategic Planning

Secure endorsement and guidance from top management to facilitate the implementation of Information Security (IS) measures within the organization.
Identify IS goals and objectives aligned with organizational business needs and objectives.
Clearly define the scope and boundaries of the Information Security (IS) program.
Comprehend and adhere to legal and regulatory requirements related to Information Security.
Develop comprehensive IS implementation strategies.
Strategize and establish organization-wide Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 Standard, directives, and other pertinent security standards.
Establish a risk management framework to guide IS initiatives.
Define key performance indicators and metrics for measuring the effectiveness of Information Security (IS).
Obtain top management approval for the Information Security (IS) plan, budget, and resource allocation.
Policy Planning

Identify Information Security (IS) policies, standards, procedures, guidelines, and processes.
Establish a formalized process for creating, documenting, reviewing, updating, and implementing security policies.
Clearly define the Information Security (IS) policy.
Establish a policy for the classification of information and information assets.
Take the lead in coordinating the development of organization-specific information security policies, procedures, guidelines, and processes in consultation with various stakeholders, including ELT.
Obtain approval for Information Security (IS) policies, procedures, guidelines, and processes.
Information Security Management Responsibilities:

Develop, maintain, and enhance organization-wide IS and risk management plans.
Disseminate and enforce IS policies, procedures, and guidelines.
Integrate IS procedures with business processes and IT planning.
Periodically evaluate and enhance the effectiveness of IS measures.
Issue alerts, conduct risk assessments, and monitor security incidents.
Manage records of IS incidents, take remedial actions, and report to ELT.
Ensure compliance with legal and regulatory requirements for IS.
Raise and maintain information security awareness.
Evaluate and upgrade training and awareness programs.
Lead the implementation of Business Continuity Plan (BCP) and conduct mock drills.
Define and implement change management plans for IS systems and ISMS.
Ensure compliance with IS by contractors/suppliers.
Ensure that all storage media, when no longer required, are disposed of securely and safely as per laid-down procedures.
Ensure the safety and security of portable computing devices/storage media when they are taken outside the organization.
Ensure all information systems within the organization are adequately patched and updated.
Desired Qualifications:

Bachelor's degree in Computer Science, Information Technology, or a related field.
10 years of experience in a senior cybersecurity role.
Relevant industry certifications such as CISSP, CISM, or similar preferred.
Strong understanding of software development security practices.
Excellent communication and leadership skills.

Education

ANY GRADUATE