Chief Information Security Officer

Afiniti International Holdings Ltd.
Washington, DC
Jul 05, 2022
Jul 07, 2022
Full Time
Who are we?

Afiniti is the world's leading applied artificial intelligence and advanced analytics provider. Afiniti(R) Enterprise Behavioral Pairing (TM) uses artificial intelligence to identify subtle and valuable patterns of human interaction to pair individuals based on behavior, leading to more successful interactions and measurable increases in enterprise profitability. Afiniti operates throughout the world and has measurably driven billions of dollars in incremental value for our clients.

Purpose

Afiniti seeks an experienced, motivated security professional to serve as Chief Information Security Officer (CISO).

Reporting to the General Counsel, the CISO will be Afiniti's principal leader for cybersecurity across the company.

The CISO will work internally with all business leads and management across the company to develop and implement security practices focused on protecting customer and company assets, and externally, to promote the company's security methodology and framework to customers. The successful candidate will apply deep experience in developing and maturing a comprehensive security program that spans the enterprise as well as product development, engineering, and operations.

The CISO is a global role for a multinational company with existing ISO 27001, ISO 27701, SOC 2 Type 2, and PCI DSS certifications.

Key Responsibilities

- Maintain and mature the organization's information security program based on emerging threats to the organization's systems and data, the company's compliance needs, third-party risks, and industry-wide best practices to protect and secure all company assets
- Promote and personally drive a cross-functional and collaborative relationship with critical business partners and internal teams
- Develop a deep understanding of the company's infrastructure and service architecture to provide ongoing guidance to engineering teams about potential threats and vulnerabilities as well as insight into designing and prioritizing efforts to address them
- Maintain, mature, and execute on the company's security, privacy, and compliance goals; define security strategies, metrics, reporting mechanisms, and program services; and create maturity models and a roadmap for continual program improvements
- Proactively monitor emerging risk- and security-related methods, practices, processes, procedures, and technologies
- Identify, manage, and report on security events
- Maintain and mature the company's risk assessment, mitigation, and remediation efforts
- Anticipate and respond to client, partner, and regulatory inquiries by representing the company from security, compliance, and privacy perspectives
- Lead efforts around assessment, achievement, and maintenance of ISO, PCI, SOC2, HITRUST, and other accreditations and certifications for identified business activities
- Communicate and report regularly on security strategy and operations to executive leadership and the Board of Directors
- Develop training programs to ensure employees' understanding of the company's security policies and how those policies apply to their day-to-day activities
- Lead the vulnerability management program including external and internal vulnerability assessments and remediation efforts, key security update tracking, and end-of-support planning
- Partner with the operations teams to grow and mature the company's Business Resiliency program inclusive of Command and Control, Business Continuity, Disaster Recovery, and Incident Response
- Manage the company's eDiscovery program
- Prepare recommendations regarding new technologies and emerging practices to enhance the company's market position, including automation, geographical multifactor authentication, eDiscovery, data loss prevention, endpoint management, network segmentation, and more

Education and Qualifications

- Minimum of a bachelor's degree in computer science or a similarly relevant technical field
- 10+ years of information security experience, including at least one leadership role in a mid-size software company
- 7+ years of experience working with national and international regulatory compliance frameworks such as ISO, NIST, PCI DSS, and HITRUST
- Track record leading a comprehensive security program for a global company
- Product experience in compliance, cybersecurity, and/or data analytics
- Experience advising engineering teams to develop secure applications and services with a security- and privacy-by-design mentality
- Technical acumen to develop cybersecurity posture and execute the strategy with a clear vision for the evolving needs within the cybersecurity function
- Understanding the needs and concerns of large, global enterprise customers
- Ability to build relationships and influence all levels within an organization
- Executive-level oral and written communication skills with the ability to communicate technology, data, and risk concepts clearly - for both internal stakeholders and external customers - adapting the message to meet the audience
- Experience creating a vision and providing the leadership and change management support to transform the vision into reality
- Experience managing physical security a plus

Compensation

Afiniti offers a competitive base salary, bonus, equity commensurate with experience and corporate benefits.

We believe that richness in diversity is a huge asset for Afiniti. We value both the similarities and differences in everyone who is a part of the Afiniti team. We believe that this diversity builds a stronger organization and is in keeping with the core values of our company. Our policy, therefore, is to provide equal employment opportunities for all applicants and employees without regard to race, color, religion, sex (including pregnancy, childbirth, related medical conditions, breastfeeding or reproductive health decisions), gender identity or expression, national origin, age, marital status, ancestry, physical or mental disability, sexual orientation, personal appearance, genetic information, family responsibilities, matriculation, political affiliation, military or veteran status, or any other category protected under applicable federal, state or local law. This means that we comply with all applicable human rights and employment legislation, and we do not discriminate in any aspect of employment, including recruiting, hiring, compensation, promotions, reductions in force, or terminations.
