Location: All cities,NY, USA
Full-time Chief Information Security Officer - Zones - Albany, NY Albany, NY February 18, 2022
Job detailsJob TypeFull-timeFull Job DescriptionPosition Overview The Chief Information Security Officer (CISO) is a senior Information Security executive accountable for the development and oversight of policies and programs intended for the mitigation and/or reduction of compliance, operational, strategic, financial and reputational security risk strategies relating to the protection of data, systems and technology.
This position combines responsibility for Cybersecurity, Security Architecture and Engineering, Education and Awareness, Governance Risk and Compliance, and Identity and Access Administration (IAM). You will be primarily focused on Zones corporate assets but also responsible for Cyber security operational components supporting client engagements and platforms.
The Chief Information Security Officer operates within the IT organization and works closely with the Legal group as well as the Services organization. Based in Albany, NY Houston, TX or Auburn WA, the successful candidate will be an innovative and strategic leader who can drive Zones security program to its next level of maturity. In order to be successful in this global role, the candidate must have a strong understanding of cybersecurity, including the technical aspects, have a thorough understanding of cloud security technologies and security best practices, be able to directly manage a global cybersecurity crisis, have extensive experience in a large distributed global enterprise, have strong people skills and be able to effectively communicate with stakeholders at all levels in the organization. Additionally, the leader must have experience working with global associates in North America, Europe and Asia Pacific. The Chief Information Security Officer will be a key member of the leadership team whose charter is to own our IT security posture, processes and standards, globally. We are looking for an individual who wants to make an impact and grow professionally. Zones is a diverse technology company with over $2 billion USD in revenue and clients ranging from mid-market companies to Fortune 500 enterprises. Our business model is complex, and we are rapidly evolving from a product sales company to an IT solutions and services company. This requires us to transform how we interact with our customers, what steps we take to empower our team members, and how we optimize our internal operations and our interactions with vendors and partners. Key Responsibilities The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The CISO is primarily responsible for: Developing an effective strategy to assess and mitigate risk (foreign and domestic), managing crises and incidents, maintaining continuity of operations, and safeguarding the organization. Directing staff to identify, develop, implement, and maintain security processes, practices, and policies throughout the organization to reduce risks, respond to incidents, and limit exposure and liability in all areas of informational, financial, physical, personal, and reputational risk. Ensuring the organizations compliance with local, national, and international regulatory environments where applicable to the accountability of this role (e.g. privacy and data protection). Researching and deploying state-of-the-art technology solutions and innovative security management techniques to safeguard the organizations personnel and assets, including intellectual property and trade secrets. Recruiting, hiring, and retaining a top performing and diverse team of security professionals to execute on the comprehensive security strategy. Establishing appropriate standards and associated risk controls. Staying ahead of the global threat landscape and the technologies used to defend corporate assets, reputation and revenue-streams. Tracking the latest technical security innovations and paradigms (e.g. Zero Trust Model) and mastering the latest cyber security technologies. Developing relationships with high-level officials in law enforcement and international counterparts to include in-country security and international security agencies, intelligence, and other relevant governmental functions as well as private sector counterparts worldwide. Managing/addressing Zones commercial and statutory needs as they relate to security (e.g. technical responses to bids/RFQs for security questions, deciding on optimal set of standards to abide by and instituting processes/controls accordingly). IT security - typically addresses security related risk issues across all layers of an organization's technology stack. This may include: Emerging Technologies and Market Trends Identity and Access Management Incident and Crisis Management Information and Privacy Protection Risk and Compliance Management, Security Architecture Organizational Resiliency Programs and Assessments Threat, Intelligence and Vulnerability Management We are seeking candidates with the following experience and skills: Who You Are You have a high level of personal integrity and the ability to handle confidential matters professionally and demonstrate the appropriate level of judgment and maturity in balanced risk decision making. You understand the complex geopolitical environment of crime, hacktivism and nation-state activity. You are able to integrate your deep knowledge of security implications for networks, systems and implications with business process and behavioral security concerns into a single risk picture. Operating in a highly dynamic environment with the ability to respond and react decisively in a changing set of circumstances and priorities come naturally to you.
You can quickly assess complex situations and take appropriate action, such as during security incidents. You possess intellectual curiosity, out-of-box-thinking, strong problem-solving skills, excellent communication skills, and an ability to work and influence across multiple stakeholder groups. You have the ability to not only negotiate and communicate with key stakeholders where commercial appetites conflict with risk mitigating controls; but also to show confidence defending a strong risk position ensuring that Zones increasingly client-integrated IT is well protected against incidents and attacks. You Possess 15+ years of relevant information security experience, ideally with an engineering/architecture background Experience communicating information security related concepts to a broad range of technical and non-technical audiences; will have to be an articulate and persuasive leader who can serve as an effective member of the senior leadership team Exceptional communication skills necessary to advise and influence senior management, the Board of Directors and external organizations Strategic leadership skills to drive the companys vision for cyber security while maintaining an execution-oriented mindset to drive results; an entrepreneurial spirit; ability to serve as a hands-on leader Technical background in cyber risk management, privacy, and incident response Thorough understanding of IT systems and security tools, including methods, procedures, equipment and software used for delivery; deep understanding of Cloud, Internet of Things, and database development Knowledge of the breadth of security technology options and associated vendors, including how they are deployed in architectures Deep knowledge of Cloud Security (Microsoft, AWS, Google, etc.) and extensive security knowledge of Microsoft O365 / CSP and Azure Security A track record of assessing threat and vulnerability from a business perspective as well as a technical perspective; and the ability to develop and champion affordable, efficient and timely security architectures and