Chief Security Officer Jobs

Job Purpose:

The Chief Security Officer (CSO) plays an integral role in leading the company Security (Cyber and Physical Security) organization, sets strategy, goals and objectives and performs multiple, self-guided technical and functional roles. company Security develops policies, standards and guidelines and provides services to mitigate cyber and physical risks to company information, IT systems, electronic products, facilities, and physical assets. company Security works with the business to assess risk and ensure that appropriate security measures are implemented. company Security also enables business opportunities by leveraging security capabilities.

An important part of the CSO role is to assist in prioritizing threats to the organization, and provide overall incident response when threats become incidents. The wide nature of the threats involves cyber and physical security concerns across multiple organizations and stakeholders and will often require response from those stakeholder organizations.

Essential Functions:

Security Management - Establishment, facilitation or directing of processes to protect an organization's facilities, assets, information, and services.

• Assesses, understands, and defines the organization's current and future requirements in terms of security.
• Responsible for corporate security (cyber and physical) for all entities.
• Analyses information from internal and external sources to identify gaps in security, regulatory and compliance capabilities Develops an actionable, repeatable, and reportable security strategy.
• Defines, publishes, and explains key performance indicators measuring the effectiveness of the security program.
• Conducts routine audits of technical code, networks and policies across the organization to ensure compliance with security standards.
• Works closely with all areas of the business to drive security policies and practices, including helping to prioritize work across areas that do not report into the security team.
• Communicates with a wide range of internal and external security stakeholders.
• Drives continual change in business, security, service delivery and IT environments.

People Management - Direct and indirect management of teams, employees and stakeholders Provide leadership and motivation as required.

• Direct management of assigned staff as well as mentoring others.
• Manage teams (Indirect) Clarify individual roles and responsibilities.
• Establish shared goals and set expectation to achieve those goals.
• Project resource prioritization and planning.
• Manage stakeholder expectations and communicate appropriately.
• Work closely with key stakeholder organizations to prioritize and drive tasks associated with security policy.
• Communicate vision and provide overall team leadership.

Financials - Track and measure costs to ensure appropriate investment and efficient and effective solutions to drive business value.

• Forecast technology and process refresh costs as well as budget management.
• Work with Finance and Procurement to determine service costs and establish business cases for investments.
• Achieve financial efficiencies by reducing and avoiding costs while meeting business needs.

Risk Management - Identifies and mitigates potential security risks.

• Tracks and manages security risks and identifies security vulnerabilities.
• Facilitates required action to address identified risks considering business needs and impacts.
• Drives and coordinates incident response activities.
• Integrates risk management practices with other governance mechanisms.
• Accountable for the organization’s vulnerability process and will help identify and mitigate vulnerabilities via periodic scans, alarming tools, and industry methodology.
• Performs risk and impact analysis for effective financial investments.
• Assess security risks associated with strategic planning, service design, implementation, and operational activities.

Compliance Management - Assess and facilitate compliance of the organization with external regulatory requirements that relate to security.

• Participates with external consortia on regulatory compliance.
• Manage or facilitate compliance audits and investigations.
• Understands, proactively and regularly communicates regulatory compliance requirements.
• Recommends the implementation of new controls in support of regulatory compliance.
• Design and implement internal controls and procedures that ensure compliance with existing regulatory requirements that relate to security.

Policies & Standards - Develop and deliver commercially acceptable policies and standards that mitigate physical and cyber risks to company information, IT systems, electronic products, facilities, and physical assets.

• Interpret and advise on policies and standards in consultation with stakeholders.
• Review and revise policies and standards as needed to reflect evolving business needs.
• Creates, reviews, publishes, and communicates security policies and standards with all stakeholders.
• Actively promote policies and standards through a variety of awareness methods.

Education:

Four years of college, resulting in a bachelor's degree or equivalent.

Certifications, Accreditations, Licenses:

CISSP, PSP or relevant certification preferred.

Relevant Work Experience:

Over 10 years in related field. 10+ years telecommunications or IT experience including 5 years information security preferred.

Special Knowledge, Skills, and Abilities

Leadership Competencies: Building Strategic Relationships, Building Trust, Impact, Coaching, Building a Successful Team, Aligning Performance for Success, Delegating Responsibility, Developing Others, Continuous Learning, Strategic Decision Making, Risk Taking, Communication, Formal Presentation, Negotiation, Managing Conflict, Sales Ability/Persuasiveness, Adaptability, Facilitating Change, Gaining Commitment, Innovation, Meeting Leadership, Leading through Vision and Values, Follow-up, Applied Learning, Contributing to Team Success, Customer Focus, Energy, Information Monitoring, Initiating Action, Managing Work, Meeting Participation, Planning and Organizing, Quality Orientation, Safety Awareness, Stress Tolerance, Tenacity, Work Standards, Technical and Professional Knowledge (Security and Compliance)

Technical Competencies: Customer Mgt., Relationship Mgt., Business Change, Personnel Management, Building Partnerships, Facilitating Change, Investment Planning, Budgeting, Supplier Mgt, Risk Mgt., Relationship Mgt., Governance, Compliance Mgt., Policy and Standard, Sourcing, Compliance Communication, Governance, Stakeholder Mgt., Acceptance, Infrastructure, Program Mgt., Architecture, Planning, Project Mgt. Deployment Mgt., Portfolio Mgt., Commercial Vision, Cost Mgt., Stakeholder Mgt., Service Continuity, Incident Mgt., Prioritization, Technologies, Security, Testing, Monitoring, Service Standards, IT Change, Infrastructure, Application Knowledge, Problem Mgt., Change Mgt., Event Mgt., Knowledge Mgt., Quality Mgt.

General Knowledge and Technical Skills: Policy and procedure development, implementation, and management; data, operating system, network, middleware, messaging, application and mobile service security controls; malware prevention solutions; encryption; vulnerability and threat management; security incident response; identity and access management; assessment, metrics and benchmarking; third-party security program management; security awareness.

Supervisory Responsibility:

This position has one or more employee direct reports.

Must be a US citizen and must be eligible to obtain a US government security clearance.