Senior Information Security Specialist (CISO)
Ref No.: 17-03668
Location: New York, NY (Midtown)
Duration: Direct Hire with Client

JOB DESCRIPTION:
The Information Security Leader is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The Information Security Leader must have a sound knowledge of business management and a working knowledge of information security technologies. The Information Security Leader will proactively work with business units to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of IT-related risk management activities.

The Information Security Leader serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the Information Security Leader's role is working with executive management to determine acceptable levels of risk for the organization. The Information Security Leader must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.

Major Responsibilities
• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
• Facilitate information security governance, including the formation of an information security steering committee or advisory board.
• Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
• Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants and other service providers.
• Develop and manage information security budgets, and monitor them for variances.
• Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
• Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
• Coordinate information security and risk management projects with resources from the IT organization and business unit teams.

Requirements and Qualifications
• Minimum of 5 to 10 years of experience in a combination of risk management, information security and IT jobs.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, and the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Project management skills: financial/budget management, scheduling and resource management.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.