Masentó Search have been exclusively engaged by a global manufacturer to identify candidates for a vacant CISO position.
The CISO role is increasingly visible and vital to business in today’s digital world.
This position will require cultivating key executive customer and partnership relationships. As an innovator in cyber security, it is key that you are able to scale your knowledge by creating repeatable, documented security transformation processes that others can replicate.
Your role is to demonstrate thought leadership and be a trusted advisor to both existing and potential new customers and partners. With growing trust, the CISO will be defining a journey for these customers to better understand your own state in comparison with others.
You will be aligned to key strategic accounts for which you will act as the strategic consultant, helping to define and strategically project manage how these accounts can evolve their cybersecurity capabilities, leveraging the resources and skills both in the insight and broader business. The outcomes will be documented to demonstrate a repeatable process that the broader business can leverage.
- Work with direct accountability to regulators and the Board for the management of risk
- Build a risk culture that is embedded in every policy and process of the company (Technology, Security, Personnel, Environment etc.)
- Design and implement the risk framework to ensure full compliance with regulatory expectations whilst maintaining a working approach
- The day-to-day running and continuous improvement of security systems which includes the risk model (structure and content), the risk activities (Identification, Assessment, Evaluation and Treatment) and efficacy of mitigations. It will also include oversight of the incident management process and approach
- Compliance with Operational directives from various governing bodies as they apply
- Reporting on risk management internally (e.g. to the Board) and externally (e.g. to regulators), building effective working relationships with them
- Taking a hands-on approach to incident management analysis, staying informed, providing insight and guidance, as well as providing updates to regulators and other external stakeholders
- Identify, track, and communicate detailed metrics indicating overall security risk factors
- Working with external organisations and internal resources to ensure annual audits and renewals are successful
- Knowledge of information security management frameworks
- Excellent written and verbal communication skills and high level of personal integrity
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
- Experience with contract and vendor negotiations and management for the purpose of cyber security, including managed services
- Specific experience in security operations and tooling
- Specific experience in establishing, leading, and managing security compliance checking and remediation programs
- Specific experience in threat intelligence, incident management and running and operating appropriate executive exercises
- Experience with Cloud computing
- Excellent stakeholder management skills, and demonstrable experience understanding business drivers, and working with stakeholders to match cyber strategy to commercial/business context
- Previous experience of obtaining and maintaining these standards within an organisation is essential
- Experience of building operational processes and risk management frameworks from the ground up
- Senior interaction with regulators
- Ability to operate at C-Suite level when dealing with the Board and external participants
- AGILE methodologies
- People management