Chief Information Security Officer

The Chief Information Security Officer (CISO) holds the responsibility of defining and maintaining the organization's vision, strategy, and programs to ensure the adequate protection of information assets and technologies. This pivotal role entails overseeing the implementation of comprehensive information security policies, risk management strategies, and compliance with regulatory standards to safeguard the organization's data, systems, and operations against evolving cyber threats. As the CISO, your key responsibilities will include: Strategic Planning: Developing, implementing, and monitoring a comprehensive enterprise-wide information security and IT risk management program. Seeking top management support and direction for implementing information security measures. Identifying and setting information security goals and objectives in alignment with the organization's business needs. Defining the scope and boundaries of the organization's information security program. Staying up-to-date on legal, regulatory, and industry-specific requirements to ensure compliance. Planning and establishing an organization-wide Information Security Management System (ISMS) in compliance with ISO/IEC 27001 standards and regulatory guidelines. Identifying, assessing, and mitigating information security risks in alignment with business priorities. Defining information security measurement metrics and other key performance indicators. Developing and maintaining business continuity, disaster recovery, and incident response plans. Driving awareness and training programs to embed a culture of security within the organization. Seeking approval for information security plan, budget, and resources from top management. General Planning: Identifying and establishing organization-specific information security policies, standards, procedures, guidelines, and processes. Defining and implementing a formal process for creating, documenting, reviewing, updating, and implementing security policies. Regularly assessing and revising security policies to address evolving threats, business needs, and compliance requirements. Leading and coordinating the development of tailored information security policies, procedures, guidelines, and processes in collaboration with relevant stakeholders across the organization. Obtaining top management approval for all security policies, procedures, guidelines, and processes. Information Security Management: Assisting in developing, maintaining, reviewing, and improving a strategic, organization-wide Information Security and Risk Management Plan. Developing comprehensive Information Security Policies, Standards, and Guidelines for organization-wide use. Enforcing the implementation of approved security policies, procedures, guidelines, ISMS, and other frameworks. Integrating security considerations into organizational business processes and IT system life cycles. Issuing alerts and advisories regarding new vulnerabilities and threats. Performing risk assessment steps. Implementing automated and continuous monitoring of security incidents. Recording and remediating information security incidents and breaches. Raising information security awareness among stakeholders. Defining and implementing change management plans. Ensuring compliance of information security by third-party service providers. Reviewing audit and examination reports. Coordinating or assisting in the investigation of security threats or attacks. Providing regular reports on the state of information security to senior management and the Board. Key Interactions: Internal Stakeholders: - CXOs - Heads & Leads of Business & Functional Units - Employees External Stakeholders: - Third Party Service Providers - Customers/Users - Technology Partners Key Skills & Behavioral Attributes: Technical Skills: - Cybersecurity Expertise - Risk Management - Compliance and Regulations - Technical Proficiency Leadership and Communication Skills: - Strategic Thinking - Team Leadership - Communication Skills - Presentation Skills - Negotiation Skills Business Acumen: - Business Understanding - Financial Management - Change Management Additional Desirable Skills: - Crisis Management - Vendor Management - Problem-Solving - Continuous Learning Education / Experience: Minimum Qualification: - A bachelor's or master's degree in a relevant field Nature of Experience: - Minimum of 15-20 years of progressive experience in technology, information security, Data Privacy, Compliance, and Risk Management on leadership roles.,