Chief Information Security Officer
The Chief Information Security Officer (CISO) focuses on delivery of managed security services and provides the security voice to the strategic planning of the account. In this capacity the CISO has four primary areas of focus:
Responsibilities of the CISO include:
- Communications and Relationship – ability to communicate effectively with all account stakeholders and foster security awareness among the organization's staff and stakeholders.
- Risk and Control Assessment – assessment of risk to the information assets of the organization and the recommendation of controls in light of value vs. threat vs. vulnerability vs. cost.
- Threat and Vulnerability Management – conduct periodic vulnerability assessments of the account's assets, including analysis of the logs of the various systems, to initiate preventive measures.
- Identity and Access Management – ensure that a process exists in the organization for the creation, modification, access privileges and deletion of user identities. Conduct reviews to assess that access privileges are granted on a need-to-know basis.
- Mission and Mandate – determine the scope and role of information security policy, operations and audit.
- Governance – in accordance with FDA and account IT governance, define expectations, grant authority and verify performance of IT operations and controls.
- Policy – security policy development and management
- Security Training and Awareness – development and enablement of security training and awareness across the account.
Please see complete job description online.
Requires BA/BS with 10 years of experience with at least 4 years of management level responsibility. Has specialized knowledge in at least one area of expertise and a general knowledge in 1-2 other areas.
How to Apply:
- Minimum of Bachelor's degree in a field related to technology, networking/telecommunications or information architecture.
- Minimum 7 years of progressive leadership experience in information security.
- Solid understanding and experience with enterprise level IT security programs, best practices, and/or standards.
- Extensive experience with government IT standards such as NIST and FISMA
- CISSP (Certified Information Systems Security Professional) or similar security qualification with a current certification.
- Certifications in areas related to network management and security (SANS, ISC2, or other Security Certifications).
- Experience planning and managing strategically in the context of an organization's information, communication, business and technical environment.
- Experience with network protocols relating to both systems and networks.
- Broad understanding and awareness of compliance issues related to information resources in a higher education environment.
- Strong time-management and organizational skills, with a record of being flexible, accurate, detail-oriented, reliable, and self-motivated.
- Excellent interpersonal skills, coupled with strong written and oral communication skills, sufficient to convey complex issues effectively to technical and non-technical audiences.
- Demonstrated ability to work in a team-oriented work environment, both as a team member and team leader.
Previous experience with risk management, identity management, business continuity planning, and contract and vendor negotiation for a medium to large organization.