Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the organization's vision, strategy, and programs to ensure information assets and technologies are adequately protected. The CISO leads the cybersecurity strategy, manages risk, and ensures compliance with security policies, regulations, and standards. This executive role works closely with IT, risk management, and senior leadership to safeguard the organization against cyber threats.

Key Responsibilities:

• Develop and implement the organization's information security strategy, policies, and procedures.
• Identify, assess, and manage cybersecurity risks across all systems and business units.
• Lead the incident response process and manage security breaches or threats.
• Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 27001, GDPR, NIST).
• Oversee security operations, including network security, endpoint protection, data encryption, and access management.
• Collaborate with IT teams and business units to integrate security best practices into technology projects.
• Conduct security awareness training and promote a culture of security across the organization.
• Manage security audits, penetration testing, and vulnerability assessments.
• Report on the state of information security to the board and executive leadership.

• Bachelor's or Master's degree in Information Security, Cybersecurity, Computer Science, or related fields.
• Extensive experience (typically 10+ years) in cybersecurity, IT risk management, or information security leadership.
• Strong knowledge of cybersecurity frameworks, risk assessment, and regulatory compliance.
• Proven experience in managing security teams and security operations.
• Strategic thinking and ability to align security initiatives with business objectives.
• Excellent leadership, communication, and stakeholder management skills.
• Professional certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
• Experience with incident response, threat intelligence, and security technology implementations.