---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: CISO
Location: Northern Suburb, New Jersey, United States
Type: Permanent F/T
Closing Date: 2006-07-27
Overview:
The Chief Information Security Officer will be primarily responsible for
creating, implementing and monitoring a global strategy for all aspects of
protecting the Company's information, including corporate intelligence
analysis, physical protection, automated protection, risk vulnerability and
mitigation, security breach event monitoring and investigation. The CISO will
view information security from a business perspective and ensure that the
business in not disrupted in any way due to security breaches or threats.
He/she would identify and eliminate redundant and narrow security interests
that may be present in the current vertical department structure. Reporting to
the CSO, the CISO will operate independent of IT and the business functions.
RESPONSIBILITIES:
Identify, develop, implement and maintain security processes, practices and
policies throughout the organization to reduce risks, respond to incidents and
limit exposure and liability in all areas of information, financial, physical,
personal and reputational risk;
Define what organizational information (e.g.; personnel data, merchandising and
marketing, sales and financial information, contracts, litigation, proprietary
meetings and briefings) is deemed sensitive, critical or proprietary and
evaluate the current methods of protecting that information against external
and internal threats;
Research and deploy state-of-the-art technology solutions and innovative
security management techniques to safeguard the organizations assets, including
intellectual property;
Plan and develop user security awareness, training and education program to
safeguard information against accidental or unauthorized modification,
destruction, or disclosure of critical information through mishandling of
information or the inappropriate elicitation of information from informed
sources;
Establish a protocol for creating, distributing, using, handling and disposing
of documents containing sensitive information;
Liaise with IT division and business units to assess external and internal
threat vulnerabilities and understand the nature and probability of
catastrophic and significant security risk events;
Develop, implement and monitor a comprehensive global application access
security policy and organize diverse security practices in a manner that
satisfies the guidelines contained in the PCI security standard and other
compliance initiatives;
Serve as the organizations primary resource on industry best practices related
to information security and develops relationships with law enforcement,
intelligence and private sector counterparts;
Develop, lead and manage incident response teams and oversee the investigations
of security breaches and assist with disciplinary and legal matters associated
with such breaches;
Represent the Board of Directors on all security-related incidents and liaise
with internal and external auditors as required;
Coordinate and implement site security, operations and activities to ensure
protection of executives, managers, employees, customers, stakeholders,
visitors, etc. and physical and information assets, while ensuring optimal use
of personnel and equipment;
Assist the facilities department to ensure that physical security (e.g.; campus
access controls, visitor policy, printers, computers, facsimiles, etc.) is
adequately implemented and enforced to protect critical information assets;
Oversee the Company's insurance and risk transfer function.
JOB REQUIREMENTS
---------------------------------------------------
REQUIREMENTS:
Background and minimum 15 years of experience in the following areas: security
management, information systems management, criminal justice, accounting and
finance, business administration and law;
Proven track record in building, improving and managing components of Corporate
Information Security group;
High quality analytical skills, management experience and exceptional
relationship management competencies;
Qualitative experience in strategic planning and / or policy development at a
senior level;
Able to establish relationships with all business areas and act in a
consultative manner to identify the security requirements applicable to each
business area and to intertwine security needs with the goals and objectives of
the organization;
Able to communicate security-related concepts to a broad range of technical and
non-technical staff, management and executives;
Ability to effectuate change into the organization;
Ability to interact with a wide range of internal staff members and external
professionals, including regulators, consultants, auditors, legal counsel, and
others;
Working knowledge of prevention, detection and verification controls associated
with information security within applications, systems and networks;
Understanding of information technology security (including firewalls, Virtual
Private Networks, vulnerability / penetration testing and other security
devices);
CISSP and/or CISA are valued but not required;
Ability to Europe and Asia required (15% to 25% travel potential.)
CONTACT
---------------------------------------------------
Send resume in Word compatible format to recuiter, Don Cornell, for prompt and
confidential consideration.
No cover letter needed.
Security Recruiters
Don Cornell
dwc@securityexecs.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
