CISO (Chief Information Security Officer)

The CISO is responsible for identifying, evaluating and providing templates, cadence and quality reviews for reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives through a road map and executable plan provided to the Global CIO.

The CISO serves as the advisor to the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The CISO understands that securing information assets and associated technology,applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization.

• Provide regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
• Work with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
• Create and manage a targeted information security awareness training program for all employees,contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
• Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services,including privacy, risk management, compliance and business continuity management.
• Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
• Advise the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.
• Develop,implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability,safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.
• Create a framework for roles and responsibilities with regard to information ownership,classification, accountability and protection of information assets.
• Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
• Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.

‍

‍

• Bachelor’s degree in related business or technical areas, or an equivalency of education and work experience
• Minimum of seven to 10 years of experience in a combination of risk management, information security and IT or OT jobs (at least five must be in a senior leadership role)
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
• Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization​
• Security certifications desired (e.g., CISSP, GIAC, CEH, etc)

‍