Chief Information Security Officer (CISO)

  • Full-time

Company Description

bluestone Executive Search specializes in aligning top companies across vast industries with superior, high-level IT professionals worldwide.



Job Description

Our Client is seeking a Chief Information Security Officer (CISO) with 15 years of information security experience.

Responsibilities:


  • Responsible for establishing and maintaining an enterprise-wide vision, strategy, architecture, and program for ensuring that information assets are appropriately protected.
  • Responsible for ensuring that the Client is in compliance with all applicable federal and state laws, directives, policies, and Client requirements regarding the securing of information.
  • Ensures implementation of the information security plans and manages the operational processes for monitoring and maintaining information security.
  • Responsible for maintaining a complete awareness of current and developing information security regulations, technology, and threats.
  • Translates this information into a comprehensive set of policies, procedures, and security plans to maintain appropriate security for the various types and categories of unclassified and classified information assets.
  • Responsible for monitoring and assessing the overall compliance of the organization with information security regulations, policies, programs, and procedures.
  • Responsible for conducting regular third-party independent audits of our information security.
  • Responsible for ensuring any resulting actions to address gaps or weaknesses are appropriately assigned and completed in a timely manner to maintain information security.
  • Responsible for managing our response to incidents and ensuring that they are appropriately addressed, documented, and reported.
  • Responsible for completing and delivering regular information security reports and assessments as are required by regulatory agencies, and by our clients.
  • Responsible for preparing regular reports on our information security status to Management.


Qualifications

Qualifications:


  • Minimum 15 years of information security experience.
  • Requires advanced-to-expert-level knowledge and understanding of information security architecture, information security technologies, systems design, integration of systems, and networking.
  • Minimum of six years of leadership experience managing multiple geographically dispersed technical staff and influencing senior-level management and key stakeholders.
  • Deep understanding of information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST), Defense Federal Acquisition Regulation Supplement (DFARS), Health Insurance Portability and Accountability Act (HIPAA), Personally Identifiable Information (PII), and Protected Health Information (PHI), and various other laws and regulations including Executive Orders.
  • Current and deep technical knowledge and experience working with the latest information security technologies and tools, including commercially available, Government-supplied, and custom-developed tools.
  • Experience must include tools for maintaining security, for assessing and evaluating security, and for doing security incident forensic work.
  • Knowledge of vendors and their products, including: The Apache Software Foundation, ArcSight, Bit9, Bluecoat, Cisco, McAfee, Palo Alto Networks, Juniper Networks, RSA Security (EMC), Symantec, Tripwire.
  • Experience with Government agencies, particularly the Department of Defense (DoD) on information security matters.
  • Experience with Government Classified systems and the associated security requirements.
  • Knowledge of the United States Government Configuration Baseline (USGCB).
  • Exceptional ability to manage extremely technical staff working on very sensitive subject areas and with extremely sensitive information.
  • Successful ability to partner and influence across the Information Services organization to achieve work completion through individuals not under the CISO’s direct control.
  • High degree of initiative and dependability. Experience managing multiple, simultaneous, significant information security related initiatives and responses.
  • Deep knowledge and application of quality assurance methodologies to application and infrastructure delivery and experience meeting regulatory requirements while achieving exceptional quality standards.
  • Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and inspectors.
  • Minimum of a Bachelor’s degree in Computer Science, Software Engineering, or a related field.
  • Strong consideration will be given for advanced degrees in related fields and related professional certifications.
  • Security clearance required.
  • US citizenship is required to obtain a security clearance.
  • Preference for an existing, transferable Top Secret/SCI clearance.

Additional Information