Chief Information Security Officer
- San Leandro, CA
- Information Systems
- SYS IT Security
- Full Time - Day
- Req #: 25668-16897
- Posted: January 17, 2020
SUMMARY: Formulates security strategy, provides security program oversight, and develops and implements security architecture for the organization. The role covers all security technologies and services, physical and logical access control, and user profile management, and carries responsibility for all data/information security policies, standards, evaluations, roles, and organizational awareness. Works closely with a security committee to ensure that technological and physical access controls and policies meet the organization's data security requirements. Responsible for managing data and information risks related to product development, technology solutions, crisis management, data privacy, and regulatory compliance. Directs the adoption and implementation of policies and procedures, manages cyber threat analysis activities, and guides the development of the information security technical architecture and the security standards, controls, procedures, and guidelines for computer platforms, applications, and networks, including the use of cloud technologies. Responsible for all security audits, whether internal or required by customers and governmental agencies.
DUTIES & ESSENTIAL JOB FUNCTIONS: NOTE: The following are the duties performed by employees in this classification. However, employees may perform other related duties at an equivalent level. Not all duties listed are necessarily performed by each individual in the classification.
1. Supervises staff and manages employee performance; provides ongoing performance feedback, addresses problems, orients and trains employees, verifies competency, and identifies and suggests ways to develop skills; monitors workflow.
2. Works with functional areas to implement practices that meet defined policies and standards for information security.
3. Coordinates information security and risk management projects with technology and operations groups as well as business teams.
4. Provides strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
5. Directs the preparation activities to support HITRUST, SOC-2, customer and other audits.
6. Develops, manages and improves a comprehensive information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
7. Develops an IT security architecture roadmap that identifies required security controls and assesses current and new technologies that will enforce the organization's security priorities.
8. Develops, maintains, and promotes information security policies, standards and guidelines.
9. Ensures that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
10. Creates and manages information security and risk management awareness training programs for all employees, contractors and approved system users.
11. Defines and facilitates the information security risk assessment process and works effectively with the technology group on the implementation of security measures.
12. Provides strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
13. Establishes and implements an incident management process to effectively identify, respond to, contain, and communicate a suspected or confirmed incident.
14. Identifies, assesses, and prioritizes IT risks to data and systems, including external threats, cyber-crimes, internal threats and third-party risks; advises relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
15. Coordinates the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security or disaster event.
16. Performs other duties as assigned.
Any combination of education and experience that would likely provide the required knowledge, skills and abilities as well as possession of any required licenses or certifications is qualifying.
Required Education: Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field.
Preferred Education: Master’s degree in Information Security, Computer Science, Management of Information Systems, or related field.
Required Experience: Eight years of experience in a combination of the risk management, information security, and information technology fields; four years of experience in a senior leadership role; experience in developing information security policies and procedures, as well as executing programs that meet objectives of excellence in a dynamic environment; experience managing cost center and departmental financial functions (budgets, etc.).