Chief Information Security Officer (CISO)

Expired Job

GuidePoint Security, Albany, NY 12201

Posted 4 months ago

GuidePoint's Chief Information Security Officer ("CISO") is responsible for securing GuidePoint's operations, both internally and client-facing. GuidePoint's CISO also serves as GuidePoint's Chief Technology Officer ("CTO") and is responsible for GuidePoint's technology decisions and implementations. GuidePoint's CISO manages both the IT and INFOSEC teams and serves as an Executive Sponsor to GuidePoint's Technology Integration line of business. Additionally, GuidePoint's CISO serves as an industry thought-leader, attending and presenting at marketing events such as CISO roundtables, vendor conferences, and industry shows.

Roles & Responsibilities:

  • Responsible for all aspects of GuidePoint's Information Security program, including people, process, technology, and oversight/governance.

  • Responsible for ensuring compliance with applicable regulatory mandates, including PCI DSS, SOC 2 Type II, GDPR, HITRUST, and more.

  • Responsible for ensuring the ability to meet client third-party assessment requirements.

  • Responsible for all aspects of GuidePoint's Information Technology department, including people, process, technology, and oversight/governance.

  • Serve as executive sponsor for Technology Integration (Engineering) professional services line of business.

  • Serve as a thought-leader by developing and presenting materials at industry events, GuidePoint's blog, and more.

  • Develop and manage to budgets for Information Security and Information Technology departments.

  • Evaluate emerging cybersecurity and IT technologies for adoption within GuidePoint, as well as provide guidance to sales and engineering teams.

  • Brief GuidePoint's leadership team on a regular basis on Information Security and Information Technology relevant trends, data, and more.

  • Work with clients (both internal and external) to identify business requirements and implement people, process, technology, and/or oversight/governance to achieve desired outcome(s).

Position Requirements:

  • Previous experience as a Chief Information Security Officer ("CISO") is required.

  • Previous experience presenting in front of both technical and executive audiences is required.

  • Strong ethics and an understanding of ethics in business and cybersecurity are required.

  • Deep technical knowledge of cybersecurity tools, applications, and processes is required.

  • Possession of, or ability to obtain, a Federal Clearance is required.

  • Working knowledge of Windows, Mac, and Linux based systems, as well as networking and application development is preferred.

  • Previous project management experience is preferred.

  • Previous experience as a Chief Technology Officer ("CTO") or Chief Information Officer ("CIO") is preferred.

  • Previous experience working in a technical role at a consulting organization is preferred.

  • Previous experience with applicable regulatory mandates (PCI DSS, SOC 2 Type II, GDPR, HITRUST, and more) is preferred.

  • Strong relationships with other CISOs and cybersecurity vendors are preferred.

Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller and solution provider that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 300 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 1,200 clients.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company's success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks:

  • MacBook Pro

  • Healthy mobile phone and home internet allowance

  • 100% employer-paid medical and dental with generous employer family contributions

  • Eligibility for retirement plan after 2 months at open enrollment

Equal Opportunity Employer

GuidePoint Security, LLC is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.


Similar Jobs

Chief Information Security Officer

State Of New York

Posted 2 weeks ago

11/2/2018 12:00:00 AM 2019-01-31T00:00

Minimum Qualifications:

  • Bachelor's degree in Business Administration or a technology-related field and professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials plus seven years of combined experience in IT Security and IT Risk Management.

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST.

  • Experience in developing and executing Disaster Recovery programs.

  • Hands-on experience working with PCs and servers as well as security tools such as Qualys, Varonis, SecureDocs, Sophos and MFA.

  • Hands-on experience with administering anti-virus, encryption, vulnerability scanning, and internal and external threat protection software.

  • Sound understanding of Office 365 and Azure security controls is required.

Preferred Qualifications:

  • Master's degree in Computer Science and professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials plus seven years or more of combination experience in IT Security and IT Risk Management.

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST.

  • Experience in developing and executing Disaster Recovery programs.

  • Hands-on experience in LAN/WAN management.

  • Experience with IT Asset Management.

  • Experience with contract and vendor negotiations.

  • Management experience with the ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

  • Hands-on experience working with PCs and servers as well as security tools such as Qualys, Varonis, SecureDocs, Sophos and MFA.

  • Hands-on experience with server, network, or firewall administration.

Essential Skills:

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

  • Demonstrated analytical and conceptual skills.

  • Demonstrated ability to work in a team environment.

  • Demonstrated ability in disaster recovery and business recovery planning and testing.

  • Demonstrated ability to identify and suggest ways to minimize business risk.

  • Demonstrated judgment and discretion in matters of confidentiality.

  • Ability to communicate security and risk-related concepts to technical and nontechnical audiences.

Duties Description

Primary Purpose:

The Chief Information Security Officer (ISO) is responsible for protecting and maintaining the confidentiality, integrity and availability of information and related infrastructure assets; managing the risk of security exposure or compromise; assuring a secure and stable information technology (IT) environment; identifying and responding to events involving information asset misuse, loss or unauthorized disclosure; monitoring systems for anomalies that might indicate compromise; increasing the awareness of information security within DASNY. The Chief ISO has a senior advisory role in decisions affecting information security and assurance, and is responsible for the development, implementation, enhancement, monitoring and enforcement of DASNY and New York State information security policies and standards across the organization.

Essential Functions

Operations:

  • Conduct regular penetration testing and keep records of all test data and schedule of future testing.

  • Maintain security of all electronic data, documents and records and regularly test vulnerabilities.

  • Work with IS to plan, install, and maintain required security architecture, software, hardware, firmware, and appliances.

  • Provide advice on security issues related to procurement of products and services.

  • Review and approve all external network connections to DASNY's network.

  • Escalate security concerns to executive management, as necessary.

  • Maintain records and controls for all IT security related matters including but not limited to pro-active investigations, risks, threats, actual security events, technology related assets, system life cycles, penetration testing, data vulnerability testing, and provide up-to-date time schedules of all reviews and follow-ups.

  • Maintain records on system access to the DASNY technology environment with regard to access levels on all technology including but not limited to applications, equipment, and records.

  • Maintain records on all DASNY technology assets and equipment including but not limited to: computer hardware and devices, computer monitors and peripherals, mobile phones/equipment/devices, construction technology devices and equipment, infrastructure hardware and devices, applications and software, cloud data storage, off-site physical data storage.

  • Recommend, develop, enhance, monitor and update policies, standards, procedures, control processes, and education and awareness programs relating to IT security and risk management to verify appropriate safeguards are implemented; ensure appropriate information security awareness and educate all DASNY employees, and third party individuals as required.

  • Facilitate and ensure compliance with IT security policies, standards and processes, and federal and State laws and regulations affecting security controls and classification requirements of DASNY's information.

  • Ensure DASNY policies/practices align with the NYS Information Security Policy Standards established and issued by the Office of Information Technology Services.

  • Coordinate with IS staff to ensure security measures are implemented in accordance with policy requirements.

  • Participate in new hire on-boarding providing appropriate system credentials and training new hires on DASNY's "need to know" information regarding its IT network, applications and security.

  • Act as liaison between DASNY and external auditors.

  • Coordinate DASNY's technical efforts in response to information and system security compliance reviews or audits performed by external regulatory organizations or auditors.

  • Develop or review contracts, service level agreements, memorandum of understanding language and other documents to verify that they meet information security needs and requirements and align with agency and State information security policies.

  • Maintain guidelines for the development of secure application code using industry best practices.

Strategic:

  • Maintain current industry knowledge and build relationships with IT security related organizations on industry and government standards, information security market movement, and current technology risks and threats and evaluate the applicability of the latest information security techniques and tools to DASNY's security program.

  • Protect and maintain the confidentiality, integrity and availability of DASNY proprietary data and user confidential information by securing the applications, endpoints, and infrastructure assets in coordination with the Director of IS and executive management.

  • Evaluate security threats and counter measures that could affect DASNY; make recommendations to executive management to mitigate risks.

  • Manage and coordinate technology and security risk assessment and management which includes pro-active investigations to test for risk tolerance and potential weaknesses in DASNY's IT environment including but not limited to infrastructure, on-site and off-site data, applications and asset management.

  • Oversee and coordinate information security and information assurance efforts within DASNY, and exercise authority for compliance with DASNY's information security and assurance policies.

  • Work with the IS Director and Assistant Directors to oversee IT network and data security architecture; develop, deploy and maintain information security architecture in accordance with New York State and DASNY information security policies. Improve DASNY's security infrastructure while also improving DASNY users' ease of use.

  • Serve as the information security expert and provide consultation to management with regard to all information security.

  • Collaborate with peers to develop a multilayered and adaptive approach to counter a dynamic information security threat environment.

  • In consultation with Counsel's office, research relevant laws and regulations that could affect the security controls and classification of information assets, and approve adjustments to meet legal and regulatory requirements.

  • Develop metrics to measure the efficiency and effectiveness of the security program, facilitate appropriate resource allocation and increase the maturity of the security program.

  • Produce and/or present reports for the Audit Committee addressing DASNY's information and cyber risk to assist the Audit Committee in its responsibilities for oversight of DASNY's systems over internal controls and risk assessment, including information technology security and control, as it relates to the annual external audit of DASNY's financial statements.

Event Responses:

  • Work with the IS Director and the Business Continuity Policy Analyst to develop, maintain and test DASNY's Disaster Recovery Plan (DRP).

  • Work with Counsel's Office and Communications & Marketing to develop, implement and maintain incident response plans and reports, consistent with New York State standards, to effectively respond to security incidents.

  • Investigate and report security incidents and malfunctions to management and ITS in accordance with the ITS Incident Reporting Policy.

  • Identify potential information security violations; refer and coordinate with Counsel's Office and the Office of Professional Integrity for further investigation.

  • Ensure appropriate follow up to security violations.

Other Duties and Responsibilities:

  • Supervise, train and evaluate employees.

  • Ensure supervisors meet their obligations in the supervision, training and evaluation of their staff.

  • Handle disciplinary matters and assist in handling stage 1 grievances and disciplinary measures in accordance with applicable collective bargaining agreements.

  • Participate in collective bargaining and other employee relation matters; administer and ensure adherence to applicable bargaining agreements.

  • Assess, develop and implement internal controls, and oversee the review and testing of same.

  • Undertake special assignments as directed.

  • Must maintain regular attendance in accordance with DASNY attendance and leave policies.

  • Must adhere to the NYS Information Security Policy Standards established and issued by the Office of Cyber Security and Critical Infrastructure Coordination. (Standards can be found on the Intranet).

  • Maintain current knowledge and proficiency in Information Security through training and receiving annual Continuing Professional Education (CPE) credits directly related to Information Security.

Additional Comments

Supervision: May train and supervise employees.

Physical/Mental/Visual Demands: Travel is required, using public transportation, DASNY vehicle, rental vehicle or personal vehicle. This travel may include overnight stays at public accommodations and related establishments. Must be able to work overtime or extended work hours as needed.

Work Environment: Standard office environment, including the use of one or more of the following: PC, telephone, fax machine, printer, copier, electronic stapler/hole punch/date stamp, shredder.

DASNY is an Equal Employment Opportunity employer committed to excellence and diversity. All qualified candidates are encouraged to apply.

State Of New York, Albany, NY
