The Deputy Chief Information Security Officer (CISO) will serve as the right hand to the CISO and act as a key thought leader in information security for the organization. The role will work with the CISO to establish an information security strategy for the organization that is aligned to organizational priorities, enabling business initiatives by directing the implementation and monitoring of information security solutions, standards, and policies. This role will be key to building consensus and bridging business, information security, and technology, as well as defining, implementing, and maintaining information security frameworks, key risk indicators, and programs that aid in the implementation and standardization of security practices. Responsibilities include, but are not limited to:
Strategy & Planning
- Assist CISO in developing an information security vision and strategy that is aligned to organizational priorities enabling and facilitating the organization's business objectives, and ensuring senior stakeholder buy-in and mandate.
- Assist the CISO in the management and coordination of security architecture standards, along with program implementation and execution, to ensure adherence to security standards and policies; apply hands-on experience in managing vulnerabilities and incidents.
- Develop operational level roadmaps, communicate plans, and support requirements to meet frameworks; define and execute improvement plans for underperforming security areas.
- Maintain the security policy review process to ensure timely and effective threat mitigation, as well as compliance with laws, regulations, and regulatory guidance.
- Support compliance improvements - furnish information relevant for audit activities, receive and direct compliance issues to appropriate resources for investigation & resolution.
- Define local-level KPIs and collect and report necessary metrics to CISO and Executive management.
- Communicate identified threat information to Division BISO and Enterprise levels.
- Support implementation and execution of the security control framework, including but not limited to the CIS Critical Security Controls, NIST SP 800-53, and the FFIEC Cybersecurity Assessment Tool (CAT).
- Direct oversight for a team of Business Information Security Officers aligned to key business areas to ensure consistent and high-quality information security management in support of business goals.
- Direct oversight for Security Architecture, including security transformation function.
- Determines information security approach and operating model in consultation with key stakeholders and aligned with risk management approach and compliance monitoring.
- Works effectively with business units to facilitate information security risk assessment and risk management processes and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite.
- Creates necessary internal networks among information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
- Builds out appropriate business engagement model and support functions.
- Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines.
- Liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.
- Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from laws, standards, and regulations.
- Develops and maintains a document framework of continuously up-to-date information security policies, standards, and guidelines. Oversees the approval and publication of these information security policies and practices.
- Creates a framework for roles and responsibilities regarding information ownership, classification, accountability and protection of information assets.
- Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security, and reviews it with stakeholders at the executive and board levels.
- Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors, and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.
- Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
- Participates in leading industry forums and consortiums to represent business interests and set standards/practices.