Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO leads the development and implementation of a company-wide information security program and works across departments to assess risk, implement best practices, and maintain compliance with regulations.

Key Responsibilities:

• Strategic Leadership

  • Develop and implement a strategic, long-term information security strategy and roadmap.

  • Lead information security planning processes to establish an inclusive and comprehensive security program.

• Risk Management & Compliance

  • Identify, assess, and manage information security risks and exposures.

  • Ensure compliance with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001, NIST).

  • Oversee audits and risk assessments and lead remediation efforts.

• Policy Development

  • Create and maintain policies, standards, and guidelines to ensure compliance and reduce risks.

  • Promote awareness of security policies and practices across the organization.

• Security Operations

  • Oversee day-to-day security operations, including threat monitoring, incident response, and vulnerability management.

  • Coordinate and manage security incident response processes and reporting.

• Team Management

  • Build, lead, and develop a high-performing information security team.

  • Provide guidance and leadership to security staff and cross-functional teams.

• Collaboration and Communication

  • Serve as the security liaison for all matters related to cybersecurity and data protection.

  • Regularly report security status, risks, and issues to senior management and the board.

• Technology and Innovation

  • Evaluate and implement cybersecurity technologies and solutions.

  • Stay current on emerging security trends, threats, and technologies.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (Masters preferred).

• 10+ years of progressive experience in information security, with at least 5 years in a leadership role.

• Industry certifications such as CISSP, CISM, CISA, or equivalent.

• In-depth knowledge of information security frameworks, risk management practices, and regulatory requirements.

• Strong leadership, communication, and stakeholder management skills.