CISO ( Chief Information Security Officer )

Sigue Corporation seeks an experienced, energetic, engaging and visionary leader who wants to become part of an exciting, vibrant community of information technology professionals. Information technology plays a vital and ever-expanding role in Sigue's mission. Sigue's information technology environment is distributed and diverse, with strong leadership and coordination from Chief Information Officer (CIO) and direct report units. We are seeking a strong, knowledgeable leader to provide vision, strategy, broad-based planning, and hands-on responsibility as the company's Chief Information Security Officer (CISO). The CISO reports to the CIO, is a member of the CIO leadership team and serves a key role in company leadership, working closely with senior administration and business leaders. The CISO is an advocate for Sigue's total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the company. The CISO leads the development and implementation of a security program that leverages collaborations and company-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the company level. DUTIES AND RESPONSIBILITIES Company and Program Leadership Responsible for the strategic leadership of the company's information security program. Provide guidance and counsel to the CIO and key members of the company leadership team, working closely with senior administration, and business leaders in defining objectives for information security, while building relationships and goodwill. Work with company leadership to oversee the formation and operations of a company-wide information security organization that is organized toward a common goal in information security. Promote collaborative, empowered working environments across company, removing barriers and realizing possibilities. Manage company-wide information security governance processes, and work with department heads to establish an information security program and project priorities. Lead information security planning processes to establish an inclusive and comprehensive information security program for the entire company. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements. Stay abreast of information security issues and regulatory changes affecting the money transfer business and communicate to senior management and the company on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position. Provide leadership philosophy for the Information Security Office to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the business. Mentor the Information Security Office team members and implement professional development plans for all members of the team. Represent the company on committees and boards associated with the company's system and in national and regional consortium's and collaborations Perform special projects and other duties as assigned. Policy, Compliance and Audit Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation. Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the company's information and technology systems. Work with Internal Audit, State Regulators, and outside consultants as appropriate on required security assessments and audits. Coordinate and track all information technology and security related audits including scope of audits, businesses/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the company in its best light. Provide guidance, evaluation and advocacy on audit responses. Work with company leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the company to effectively address state and federal statutory and regulatory requirements. Develop a strategy for dealing with an increasing number of audits, compliance checks and external assessment processes for internal/external auditors. Outreach, Education and Training Work closely with IT leaders, technical experts, and business leaders across the company on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and state & federal regulations Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities. Work with company groups such as Network Managers, System Managers, Database Mangers, Development Managers and other technical organizations and resources to build awareness and a sense of common purpose around security. Pursue agent and consumer security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program. Risk Management and Incident Response Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise. Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the company. Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk. Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies. Examine impacts of new technologies on the company's overall information security. Establish processes to review implementation of new technologies to ensure security compliance. Qualifications 7+ years as a security professional CISSP and/or CISM certification (or equivalent cert) desired Previous experience in financial services or another highly regulated industry desired Experience with anti-fraud strategies is a plus Excellent understanding of web and mobile application security strategies, testing methods, common vulnerabilities, and countermeasures required (e.g., XSS, CSRF, SQLi, etc.) Must have strong network technology skills; previous experience with Palo Alto firewalls a plus 4+ years working in a Microsoft environment Prior experience hardening Windows operating systems and Active Directory required Knowledge of Powershell scripting a plus Experience with Intrusion Detection Systems (IDS/IPS) Must be hands-on Excellent written and verbal communication skills Strong work ethic, demonstrated self-starter, and ability to lead in a fast paced, team oriented environment Strong organizational skills Strong technical aptitude, a desire to learn and adapt, and a very strong interest in security are musts Proven skills and prior work experience in one or more of the following areas: Disk and/or database encryption Incident response tactics Leading forensics investigations Systems administration Software development (e.g., .Net, C#, .aspx) Rapid7 Nexpose Metasploit
Salary Range: NA
Minimum Qualification
8 - 10 years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.