The Chief Security Officer is the leader of the corporate/physical security function, to include responsibility for overall corporate security strategy, security architecture development, and global function oversight. The scope of this role covers all utilized security technologies and services, including protection services, perimeter defences, physical and logical access control, and profile management of all employees, contractors and visitors. As the company’s senior security officer, this person also has enterprise-level responsibility for all data/information security policies, standards, evaluations, roles, and corporate awareness.
This person will work with user and technical groups and Internal Auditors in the development and implementation of a security strategy designed to provide a high level of security over physical facilities and data processing while preserving and enhancing facility and system usability. This person must be able to develop and implement flexible security solutions, dictated by the needs of a hybrid and rapidly evolving decentralized business environment. The individual must be a results-oriented person who can achieve tangible improvements in the corporate security arena. Excellent technical and communications skills are a must, as well as proven security leadership experience.
The Chief Security Officer will be responsible for directing the activities of the security function. Responsibilities will include:
• Work closely with corporate executives, business managers, audit and legal counsel to understand corporate requirements related to security and regulatory compliance, and to map those requirements to current security projects.
• Develop, implement, and manage the overall enterprise process for security strategy and associated architecture and engineering standards.
• Develop and implement policies, standards and guidelines related to corporate security.
• Oversee the continuous monitoring and protection of facilities, personnel and information systems. Evaluate suspected security breaches and recommend corrective actions (including incidents involving outside vendors).
• Serve as the enterprise focal point for security incident response planning and execution.
• Define and implement the company’s ongoing Risk Assessment program, which will define, identify, and classify critical assets, assess threats and vulnerabilities regarding those assets, and implement safeguard recommendations.
• Assist Internal Audits in the development of appropriate criteria needed to assess the level of new/existing applications and/or technology infrastructure elements for compliance with enterprise security standards.
• Establish and monitor formal certification programs regarding enterprise security standards relating to the planned acquisition and/or procurement of new applications or technologies.
• Assist in the review of applications and/or technology environments during the development or acquisitions process to (a) assure compliance with corporate security policies and directions and (b) assist in the overall integration process regarding the company’s own technology environment.
• Oversee the development of, and be the enterprise champion of, a corporate security awareness and training program.
• Manage security functions related to corporate information systems or data centers, working closely with the VP of information security.
• Evaluate changes to the corporate environment for security impact and present findings to
The Chief Information Security Officer will initially report directly to the Chief Operating Officer, the Chief Financial Officer, or Legal Counsel / Executive Planning Council.
The CSO will have direct reports including an administrative assistant, the manager of security architecture and engineering, and various other staff.
The CSO will have dotted line reports including the VP of Information Security, the VP of Internal Audit
The candidate will have:
• A college degree (BA/BS), or equivalent work experience.
• Excellent staff management skills.
• Ability to interface with top management.
• Eight to ten (8-10) years of management experience, at least five of which were in a security-related area (Military or Para-military) in a leadership capacity.
Other desired qualities include:
• Consensus-builder, while still results-oriented and commitment focused
• Network-based security experience
• Business-based attitude; i.e., the recognition that no policies can be implemented without demonstrable business benefit
• Customer service experience
• Awareness of and strong experience in:
Vulnerability testing in addition to penetration testing
Developing security practices as a people problem versus a technical problem
Standards-based architecture with an understanding of how to get there, including compliance monitoring and enforceability