American Cyber Security Management is in the business of providing Cyber Security Services to a wide variety of businesses. Our goal is to provide top virtual and contract security talent to businesses that can neither afford nor need full-time cyber security leadership.
American Cyber Security Management is interested in hiring prior Chief Information Security Officers (CISO) who can help us deliver on our vision.
The Chief Information Security Officer (CISO) will lead global, enterprise-wide information security programs which are cost-effective at protecting key assets. This leader will be responsible for assessing customer situations and creating effective processes and procedures to enable a sound information security management system (ISMS). The ISMS will be jointly scoped with customers and will entail architecture, IaaS, PaaS vendors, application data and assets, corporate assets, Secure SDLC, contracts, policies and procedures. The CISO will oversee the assurance of the confidentiality, integrity and availability of enterprise information. Regular reporting and board-level communications will also be required across all security metrics.
Duties and Responsibilities
- Define and lead a security strategy that is appropriately scoped, including the prioritization of spending based upon risk management and financial controls
- Oversee the safeguarding of the company’s assets, IP, computer systems, and the physical safety of employees and visitors
- Identify protection goals, objectives and metrics in alignment with the corporate strategy
- Oversee incident response planning and the investigation of security breaches, as well as assist with disciplinary and legal matters associated with such breaches
- Define and manage the evolution of security policies, standards, guidelines and procedures to ensure an appropriate level of security.
- Physical protection responsibilities will include asset protection, workspace violence prevention, access control systems, surveillance and more.
- Information protection responsibilities will include network security, network and system access, monitoring policies, employee education and awareness, and more.
- Overall responsibility for information policy, process, procurement, implementation, training and management.
- Responsible for the awareness program and training of employees regarding the Information Security standards, policies and procedures.
- Represents product security design as well as secure service delivery to internal organizations
- Bachelor’s degree or equivalent business qualifications. MBA is a plus.
- 15 years IT experience with a minimum 10 years of security/infrastructure protection and info security audit experience. Minimum of 3 years direct interactions with executive management.
- At least 5 years security & audit experience required.
- Solid multi-platform knowledge. Experience in UNIX, Windows, Linux, and IP intranet/Internet security environments. A solid understanding of information technology and information security around these platforms.
- Proven professional experience evaluating IT infrastructure and applications, including network devices, firewalls, VPNs, desktop and server configuration, database security, relevant physical security, and other security devices and applications, with a goal of eliminating or mitigating security risk
- Solid knowledge of various compliance models, corporate security and network policies and procedures, as well as ISO-27001/2 experience
- Previous experience developing and implementing global security strategies
- Able to communicate security related concepts to a broad range of technical and non-technical staff
- Proven, successful track record of delivering products to the global enterprise software industry
- Experience with business continuity planning, auditing, disaster recovery, risk management, budgeting and contract/vendor negotiation
- Comfortable working in a fast-paced agile environment
- Seen as a creative, energetic, deep-thinker who delivers quality work products
- Must have a solid understanding of information technology and information security
- Background in management consulting or business process engineering is helpful
- CISSP certificate or CCSP plus GSLC certificates