Chief Information Security Officer (CISO)

A seasonal, experienced, highly skilled information security specialist with outstanding qualification and demonstrated track record of securing / managing information security functions/wings of large IT companies. The leadership position is focused on understanding the security challenges in the current and future state of business operations, and to prepare the organization with the right tools, skills, resources, relationships and capabilities against growing information security risks. Must have degree of Masters / 4 years Bachelors in Information Security / Computer Science / Information Technology / Project Management / Business Administration from some reputed foreign or HEC-recognized institution / university.

Required Competencies:

• Professional security management certification like CCISO, CISM, CISSP, CISA, CEH, COBIT, ITIL, CompTIA Security+, SSCP, CCSP,
•  Minimum 8 to 12 years of experience in a combination of information (cyber/network/data) security and risk management.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, PCI-DSS and NIST.
• Excellent analytical and problem solving and leadership skills.
• Excellent written and verbal communication skills and high level of personal integrity.
•  Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
•  Experience with contract and vendor negotiations and management including managed services & Security Operation Center (SOC).
•  Specific experience in Agile (scaled) software development or other best in class development practices.
•   Experience with Cloud computing/Elastic computing across virtualized environments.

Responsibilities:

•  Manage, lead, mentor and motivate a team of professionals at different levels of hierarchy in the Information Security (IS) wing to ensure optimal utilization of their maximum potential.
•  Establish and maintain the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
•  Develop, maintain, enhance, implement and monitor information (Cyber/network/data) security management / information risk management processes / framework / methodologies compliance against CIA (Confidentiality, Integrity, and Availability).
• Ensure the confidentiality, integrity and availability of organization's information, data and IT services.
• Manage to provide a secure, reliable platform (application/network/infrastructure) organization-wide and to authorized third parties with the assurance that the platform is appropriate to process sensitive information.
• Develop, implement, and maintain corporate-wide Information Security policies, standards and technologies.
• Tracking latest IT security innovations and keeping abreast of latest information/cyber security technologies
• Ensure Disaster Recovery and Business Continuity.
•  Provide a centralized management structure for all information security functions.
• Perform IT security risk assessments and reporting on ways to minimize threats.
•  Develop strategies to handle security incidents and trigger investigations.
• Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
• Work directly with the business units to facilitate risk assessment and risk management processes
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of information security and risk management concerns.
•  Manage to perform internal information security audits on regular intervals against all technologies.
• In Case of a Security Breach, leads incident response activities to minimize the impact of a Security Breach. Technical and forensic investigation into how the breach happened and the extent of the damage.
•  Ensure compliance to legal, regulatory & contractual information security requirements.
• Manage to conduct information security awareness sessions / workshops on regular basis.
• ·Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
•  Manage staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions.
• Ensure cybersecurity stays on the organizational radar.
• Ensure that cybersecurity is truly a central part of organizational culture, keeping stakeholders at all levels informed and vigilant.
• Any task assigned by management.