Chief Information Security Officer

About the role

The Chief Information Security Officer (CISO) will be responsible for all internal and client-facing security objectives and will strive to ensure that all information assets are properly protected. The CISO will provide a clear vision and direction for information and cybersecurity operations. As CISO, you will be responsible for overseeing a range of technical and process security controls and leading a program of continuous improvement in response to changing security threats and risk while working in consultation and collaboration with colleagues across OculusIT. The role requires a thorough understanding of the technology underpinning IT systems, as well as a broad, up-to-date knowledge of information security frameworks, pertinent regulation and legislation, vulnerability management, incident management and response, cybersecurity operations, and management and governance of information risk.

Key Responsibilities

• Develop and maintain a cybersecurity strategy and operating model
• Define and embed an information security policy framework that addresses the needs of our clients and our service delivery
• Provide advice and direction in the integration of security practices operational processes
• Drive and deliver change to cybersecurity systems, processes and procedures by continuously analyzing and reviewing new security technologies and practices as informed by industry best practices
• Develop and lead an effective, high-performance information security team retaining and attracting key talent to ensure continuous improvement in staff competencies, skills and knowledge
• Ensure the resources and budget are managed effectively
• Provide senior leadership and oversight of effective information and cybersecurity risk management, integrated with risk management frameworks
• Ensure that information and cybersecurity risks are identified and managed appropriately
• Develop and maintain an effective information security management system and processes for continual improvement
• Ensure information security is managed effectively throughout the IT service delivery lifecycle
• Lead the development and delivery of measures and metrics to support the assessment, reporting and ongoing improvement of the information security posture
• Define and implement an appropriate information assurance framework for our clients utilizing our CISO services
• Ensure and promote an appropriate level of internal and client-facing information security culture and awareness

Experience

• Substantial experience in IT organizations encompassing service delivery and IT infrastructure
• A track record in the management and delivery of transformational security improvements across an organization
• Proven experience at engaging, influencing and managing stakeholders across departmental and organizational boundaries
• A track record in directing and managing innovative change and continuous improvement, ensuring excellent organizational performance and outcomes across a complex portfolio of responsibilities
• Experienced in leading, developing and motivating a team of subject matter experts
• Proven experience at managing budgets and resources with a track record of identifying and securing approval for business cases for organizational investment in information and cybersecurity

Knowledge & Skills

• An understanding of best practices within information security and risk management
• An understanding of legislation and regulations that impact information security
• An understanding of current and emerging threats and countermeasures and the organizational challenges to addressing these threats
• Practical knowledge of security technologies and wider business solutions including Firewalls, IDS/IPS, Identity and access management, SIEM, remote working and cloud technologies
• A collaborative leader with strategic acumen and problem-solving skills, able to inspire and motivate colleagues
• Demonstrable creativity and a commitment to future-proofing service delivery
• Initiative to lead and drive change
• Excellent written and verbal communication skills
• Ability to build strong relationships and influence decisions with internal and external stakeholders
• A good understanding of project management methodology and how to implement security within them
• Good analytical skills and the ability to challenge the status quo
• An ability to think and plan strategically and systematically while recognizing the need to deliver to the business requirements

Qualifications

• A four-year degree from an accredited institution, equivalent qualification or experience
• One or more security-specific certification such as CISSP, CISM, CISA, etc
• At least 5 years of direct experience