Chief Information Security Officer (CISO)
Talascend is currently seeking a Chief Information Security Officer for a direct hire opportunity with our client located in Herndon, VA. Only candidates with experience in data breach management, including managing an actual data breach, will be considered.

OVERVIEW:

Reporting to the Chief Information Officer, the Chief Information Security Officer (CISO) is responsible for the overall organizational security strategy, security program oversight and security architecture development for the Company. The scope of this role covers all utilized security technologies and services, including protection services, perimeter defenses, physical and logical access control, and user profile management of all employees, contractors and visitors. As the organization's senior security officer, this person also has enterprise-level responsibility for all data/information security policies, standards, evaluations, roles, and organizational awareness. The CISO will work closely with the designated privacy officer within Legal to ensure that technological and physical access controls effectuate the organization's data privacy policies.

The incumbent will work with business, risk management, and technical stakeholders in the development and implementation of a security strategy designed to provide a high level of security over physical facilities and data processing while preserving and enhancing facility and system usability. The incumbent must be able to develop and implement flexible security solutions, dictated by the needs of a hybrid and rapidly evolving business environment.

PRIMARY RESPONSIBILITIES:

Strategic Management:
- Strategy: develops, maintains, promotes, and socializes the information security strategy.
- Program management: develops, maintains and enhances the organization's security program.
- Policy: manages information security policies, standards, procedures and guidelines; ensures alignment with IT and organizational strategy, and regularly reviews them to reflect changing threat landscapes, regulatory requirements, and industry best practices.
- Directs the planning and implementation of IT systems, business operation, and facility defenses against breaches and vulnerabilities.
- Actively seeks opportunities to optimize financial costs/investments when making decisions that have a financial implication.
- Creates new and innovative approaches to activities that enhance employee and company security and performance.
- Assesses risks in implementing business innovations.
- Actively looks for and uses external influences to make effective business decisions.
- Contributes to guiding staff and other leaders on fulfilling the IT department and company mission and vision.

Workflow Management:
- Develops, publishes, and maintains comprehensive security strategy, plans, policies, procedures, and guidelines.
- Works with Risk Management in maintaining the organization's disaster recovery, business continuity, global communications, and incident response plans.
- Works with Legal in overseeing all ongoing activities that serve to provide appropriate access to information and to protect its confidentiality and integrity in compliance with organizational policies and standards.
- Works in coordination with Legal to lead compliance with organizational privacy standards and applicable law and regulation, including FISMA, FERPA and PCI.
- Manages the design and execution of NIST-based certification & accreditations (C&As), vulnerability assessments and security engineering activities.
- Supports C&A activities, including: review and development of system security plans and risk assessments; design and execution of penetration tests and security audits; and support of continuous monitoring activities, including POAM updates, vulnerability scans, policy and procedure updates, configuration/incident management, and training.
- Manages security projects including requirements definition, task planning, research, testing, and implementation.
- Controls facility access and oversees monitoring of all security systems including CCTV and/or alarm systems.
- Develops the annual budget for the information security function, including personnel, capital purchases, and regular expenses.
- Collaborates on solutions to mitigate risks and enhance system and operational security.
- Implements cost-effective security controls to meet organizational security requirements.
- Leads the internal Information Security Committee.
- Monitors changes to technology to ensure continued compliance with organizational privacy policies and security standards.
- Works with Legal in developing and delivering security awareness materials, security presentations, and information security training sessions that foster information security awareness within the organization.
- Coordinates responses to security audit requests from participant organizations and institutions.

Workforce Management:
- Monitors compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties.
- Motivates and provides leadership and direction to all staff.
- Interviews and selects qualified candidates for job openings in compliance with applicable employment laws.
- Monitors employee performance and provides ongoing formal and informal feedback.
- Drafts and administers staff performance evaluations in a timely manner.
- Conducts weekly staff meetings to ensure all staff are informed of any company and/or departmental changes and updates.
- Rewards employees using formal and informal methods.
- Approves staff leave requests and timesheets and resolves employee attendance and performance concerns.
- Adheres to all applicable federal and state employment laws.

The position may be required to perform other duties as required. These essential functions are representative of those that must be met by an employee to successfully perform the job. Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.

REQUIREMENTS:
- CISSP, CISM or equivalent certification.
- 5 years of direct experience in decision making in a converged (logical / physical) security management role.
- Demonstrated understanding of ISO/IEC 27002 standards and practices.
- In-depth technical knowledge in implementing data protection and integrity, operating systems and network security, authentication, and security protocols.
- Experience with and advanced understanding of NIST, FISMA, and PCI standards.
- Experience with maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, automated security patching, and vulnerability scanning systems.
- Experience with administering information security programs, including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status.
- Experience with data breach management and managing an actual data breach.
- Proven project management skills.
- Excellent presentation skills, with the demonstrated ability to effectively communicate with all levels of management.
- Must live within a commutable distance of Herndon, VA.

PHYSICAL REQUIREMENTS:
- Use of a computer terminal and/or laptop computer for 8 or more hours a day.
- Use of a copy machine, fax machine, and telephone.
- Frequently required to sit for 7 or more hours per day.
- The employee is occasionally required to use hands and fingers to operate, handle, and reach.
- Vision abilities include close vision and the ability to adjust focus.
- The noise level in the work environment is usually moderately quiet.
- Must be flexible to take out-of-town assignments and to travel occasionally by car, train, and airplane when needed, including travel to and work from the business resumption data center.

EDUCATION REQUIREMENT:
Bachelor's degree in Computer Science or a related field, and 10+ years of progressively responsible experience in the information security field. A combination of education and experience, including through military service, will also be considered.