Chief Security Officer Jobs

Job Purpose:

The Chief Security Officer (CSO) plays an integral role in leading the altafiber Security (Cyber and Physical Security) organization, sets strategy, goals and objectives and performs multiple, self-guided technical and functional roles. altafiber Security develops policies, standards and guidelines and provides services to mitigate cyber and physical risks to company information, IT systems, electronic products, facilities, and physical assets. altafiber Security works with the business to assess risk and ensure that appropriate security measures are implemented. altafiber Security also enables business opportunities by leveraging security capabilities.

An important part of the CSO role is to assist in prioritizing threats to the organization and provide overall incident response when threats become incidents. The wide nature of the threats involves cyber and physical security concerns across multiple organizations and stakeholders and will often require response from those stakeholder organizations.

Essential Functions:

• Conducts routine audits of technical code, networks and policies across the organization to ensure compliance with security standards.
• Drives continual change in business, security, service delivery and IT environments.
• Responsible for corporate security (cyber and physical) for all entities.
• Analyses information from internal and external sources to identify gaps in security, regulatory and compliance capabilities Develops an actionable, repeatable, and reportable security strategy.
• Works closely with all areas of the business to drive security policies and practices, including helping to prioritize work across areas that do not report into the security team.
• Defines, publishes, and explains key performance indicators measuring the effectiveness of the security program.
• Security Management - Establishment, facilitation or directing of processes to protect an organization's facilities, assets, information, and services.
• Communicates with a wide range of internal and external security stakeholders.
• Assesses, understands, and defines the organization's current and future requirements in terms of security.

• Work with Finance and Procurement to determine service costs and establish business cases for investments.
• Manage teams (Indirect) Clarify individual roles and responsibilities.
• Forecast technology and process refresh costs as well as budget management.
• Manage stakeholder expectations and communicate appropriately.
• Communicate vision and provide overall team leadership.
• People Management - Direct and indirect management of teams, employees and stakeholders Provide leadership and motivation as required.
• Direct management of assigned staff as well as mentoring others.
• Achieve financial efficiencies by reducing and avoiding costs while meeting business needs.
• Project resource prioritization and planning.
• Financials - Track and measure costs to ensure appropriate investment and efficient and effective solutions to drive business value.
• Establish shared goals and set expectation to achieve those goals.
• Work closely with key stakeholder organizations to prioritize and drive tasks associated with security policy.

• Risk Management - Identifies and mitigates potential security risks.
• Tracks and manages security risks and identifies security vulnerabilities.
• Performs risk and impact analysis for effective financial investments.
• Facilitates required action to address identified risks considering business needs and impacts.
• Integrates risk management practices with other governance mechanisms.
• Accountable for the organization’s vulnerability process and will help identify and mitigate vulnerabilities via periodic scans, alarming tools, and industry methodology.
• Assess security risks associated with strategic planning, service design, implementation, and operational activities.
• Drives and coordinates incident response activities.

• Understands, proactively and regularly communicates regulatory compliance requirements.
• Participates with external consortia on regulatory compliance.
• Compliance Management - Assess and facilitate compliance of the organization with external regulatory requirements that relate to security.
• Manage or facilitate compliance audits and investigations.
• Recommends the implementation of new controls in support of regulatory compliance.
• Design and implement internal controls and procedures that ensure compliance with existing regulatory requirements that relate to security.

• Creates, reviews, publishes, and communicates security policies and standards with all stakeholders.
• Actively promote policies and standards through a variety of awareness methods.
• Interpret and advise on policies and standards in consultation with stakeholders.
• Review and revise policies and standards as needed to reflect evolving business needs.
• Policies & Standards - Develop and deliver commercially acceptable policies and standards that mitigate physical and cyber risks to company information, IT systems, electronic products, facilities, and physical assets.

Education:

Four years of college, resulting in a bachelor's degree or equivalent.

Certifications, Accreditations, Licenses:

CISSP, PSP or relevant certification preferred.

Relevant Work Experience:

Over 10 years in related field. 10+ years telecommunications or IT experience including 5 years information security preferred.

Special Knowledge, Skills, and Abilities

Leadership Competencies: Building Strategic Relationships, Building Trust, Impact, Coaching, Building a Successful Team, Aligning Performance for Success, Delegating Responsibility, Developing Others, Continuous Learning, Strategic Decision Making, Risk Taking, Communication, Formal Presentation, Negotiation, Managing Conflict, Sales Ability/Persuasiveness, Adaptability, Facilitating Change, Gaining Commitment, Innovation, Meeting Leadership, Leading through Vision and Values, Follow-up, Applied Learning, Contributing to Team Success, Customer Focus, Energy, Information Monitoring, Initiating Action, Managing Work, Meeting Participation, Planning and Organizing, Quality Orientation, Safety Awareness, Stress Tolerance, Tenacity, Work Standards, Technical and Professional Knowledge (Security and Compliance)

Technical Competencies: Customer Mgt., Relationship Mgt., Business Change, Personnel Management, Building Partnerships, Facilitating Change, Investment Planning, Budgeting, Supplier Mgt, Risk Mgt., Relationship Mgt., Governance, Compliance Mgt., Policy and Standard, Sourcing, Compliance Communication, Governance, Stakeholder Mgt., Acceptance, Infrastructure, Program Mgt., Architecture, Planning, Project Mgt. Deployment Mgt., Portfolio Mgt., Commercial Vision, Cost Mgt., Stakeholder Mgt., Service Continuity, Incident Mgt., Prioritization, Technologies, Security, Testing, Monitoring, Service Standards, IT Change, Infrastructure, Application Knowledge, Problem Mgt., Change Mgt., Event Mgt., Knowledge Mgt., Quality Mgt.

General Knowledge and Technical Skills: Policy and procedure development, implementation, and management; data, operating system, network, middleware, messaging, application and mobile service security controls; malware prevention solutions; encryption; vulnerability and threat management; security incident response; identity and access management; assessment, metrics and benchmarking; third-party security program management; security awareness.

Supervisory Responsibility:

This position has one or more employee direct reports.

We were made aware of an employment scam in which a third-party is creating false communications under the altafiber name. We want to reiterate that altafiber never seeks payment from job applicants and only reaches out from @altafiber.com email addresses. We are encouraging applicants to apply through our website at altafiber Careers for added security.