Pailin Group Executive Search
Chief Information Security Officer
Reporting to the Chief Information Officer, the Chief Information Security Officer (CISO) is the most senior information protection officer for the organization. The CISO will be responsible for building and maintaining the vision, strategy, and programs necessary to ensure that the organization's information assets, technologies and data are adequately secured. As the champion of the organization's next-generation strategy, this individual will also drive the success of a platform of state-of-the-art global shared security services.
The Chief Information Security Officer will be responsible for the following:
(1) Driving the continuous evolution and deployment of an enterprise-wide, world-class information risk management program.
(2) Identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements and supports the risk posture of the enterprise.
(3) Defining and driving policies, standards and processes to ensure that our practices meet the global, regional and local needs of the business.
(4) Establishing and maintaining world-class integrated information security operations.
(5) Serving as the process owner of all ongoing activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies.
(6) Proactively working with business units and member firms around the world to implement practices that meet defined policies and standards for information security.
(7) Working with board and governance committees to determine acceptable levels of information security risk for the organization and ensuring that information security is managed effectively and efficiently in terms of program evaluation, reporting and cost management.
Specific responsibilities include:
- Leading the development and publishing of up-to-date security policies, standards and guidelines, and the enterprise-wide training and dissemination of security policies and practices.
- Managing the enterprise's security organization, including hiring, training, talent development and performance management.
- Ensuring that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Setting and implementing consistent standards for IT security operations and support (e.g. intrusion detection systems, cyber security, firewalls, vulnerability assessment systems, penetration testing, secure email systems, access control and identity management systems, network security, etc.).
- Managing research and development activities designed to assess need, analyze costs and benefits, and develop strategies for deploying and integrating progressive security techniques and technologies.
- Coordinating the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
- Providing strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Creating information security and risk management awareness training programs for all employees, contractors and approved system users.
- Creating, communicating and implementing a risk-based process for vendor risk management, including assessment and treatment of risks that may result from partners, consultants and other service providers.
- Facilitating a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitating appropriate resource allocation, and increasing the maturity of the security program.
- Understanding and interacting with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management.
- Interacting with clients and client service teams to ensure a level of understanding of and confidence in Deloitte security practices.
- Collaborating with the Risk and Legal functions to ensure that consistent, comprehensive and effective practices are in place.
The ideal candidate will be a thought leader in the area of information security and privacy. He or she will be a consensus builder with a track record of integrating people and processes to drive a cohesive security strategy for a globally complex and diverse enterprise.
- Bachelor's Degree/University Degree and/or Undergraduate Diploma in Information Security, Information Technology, Computer Science, Engineering or Mathematics, or equivalent experience
Years of Experience:
- 15 years of relevant work experience
Technical Skills / Desired Experience
- Mastery-level understanding of information security concepts, principles and drivers
- Mastery-level understanding of security, privacy, IT audit and legal security standards, guidelines and principles
- Mastery-level understanding of information technology within a large, highly distributed organization
- Strong understanding of state-of-the-art security technology and technical concepts
- Demonstrated ability to leverage advanced knowledge of a business structure and the components of a product or service to identify the current state of a project or endeavor; ability to analyze gaps caused by change initiatives and determine potential opportunities
- Experience conducting and/or coordinating technical security scanning, penetration testing, social engineering testing, application security testing, mobile device security analysis, and network security analysis/operations
- Experience with enforcing secure coding practices, threat modeling, identity and access management, and/or security incident response/recovery
- Industry-recognized information security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) desired
- Proficiency with common information security management frameworks
Other Skills / Qualifications
- Multiple years of successful leadership experience operating within the Deloitte network of member firms OR a comparable global professional services organization required
- Demonstrated ability to communicate effectively with stakeholders and customers regarding technical concepts
- Demonstrated experience with global or multinational clients; ability to advise and counsel clients
- Comprehensive understanding of strategic planning and program management
- High degree of personal integrity and ethics, as well as a passion for securing data systems and networks
- Constantly striving for excellence using objective, transparent and agreed-upon standards
- Excellent written and verbal communication and presentation skills for leadership, technical and business audiences
- Strong leadership and management skills, business acumen, and the ability to build relationships to influence and drive change
- Prior knowledge and/or experience with budget management
- Superior analytical/problem-solving ability; superior critical thinking skills
- Strong ability to communicate across all levels of the organization
- Ability to work under constantly changing conditions and tight deadlines
- Ability to manage multiple goals and deadlines
- Ability to travel as needed (estimated at 50%-70%)
Well-qualified professionals, please forward a resume along with compensation requirements to the Pailin Group Professional Search Consultants.
Robert Martin, Information Technology Group Division Manager