Chief Information Security Officer

Park Place Technologies Cleveland, OH 44114

Posted 2 weeks ago

Chief Information Security Officer (CISO)

The CISO is responsible for maintaining the Park Place Technologies information security program, including our security and risk policies, to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected for our employees and our customers. The CISO will develop and implement effective information security policies and procedures to secure sensitive systems and data as well as oversee the security of systems, data, and activities. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.

What you'll be doing:

  • Manage the Information Security Program:

  • Provide strategic leadership for risk and compliance programs, IT systems, and security programs.

  • Ensure compliance with our chosen information security standards, based upon the NIST Cybersecurity Framework.

  • Report on compliance and security metrics to senior business leaders both internal and external.

  • Continuously improve our information security awareness training program for all employees and contractors.

  • Participate in business and technology projects to ensure the standards of the Information Security Program are considered and in place for all projects.

  • Lead the Organization:

  • Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals.

  • Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of nondigital risk areas.

  • Manage the budget for the information security function, monitoring and reporting discrepancies.

  • Coordinate an effective information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring (and conducting background checks), training, staff development, performance management and annual performance reviews.

  • Determine Strategy:

  • Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.

  • Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization.

  • Assist in new product development, adjusting our strategy as necessary to recognize new threats introduced with new products.

  • Work with senior management to identify, define and confirm the key threats to PPT information assets, internally and externally.

  • Identify and champion projects that continuously improve our security stance.

  • Operate the Function:

  • Work with business units to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.

  • Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable.

  • Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.

  • Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.

  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

  • Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.

  • Coordinate the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.

  • Oversee external vendors who provide security functions to PPT.

  • Maintain, improve and drive strategy to ensure our SOC 2 and ISO 9001 certifications remain compliant.

What we're looking for:

  • Minimum of ten to fifteen years of experience in a combination of risk management, information security and IT jobs (at least five must be in a senior leadership role).

  • Five to ten years of information security leadership experience with a SaaS provider.

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.

  • Ability to communicate effectively with external customers, explaining our security posture for PPT products and services in both 1-1 customer meetings and general forums.

  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.

  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.

  • Must be a critical thinker, with strong problem-solving skills.

  • Knowledge and understanding of relevant legal and regulatory requirements, such as GDPR.

  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience.

  • Professional security management certification is expected, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.

  • Experience with contract and vendor negotiations.

  • Excellent stakeholder management skills.

  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.

  • Must be willing to work four days in office (one day remote) each week.

Bonus Points:

  • N/A

Travel:

  • Up to 15%

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by calling 1-877-778-8707.

Park Place Technologies is an Equal Opportunity Employer M/F/D/V.

Park Place Technologies has an in-house recruiting team that focuses exclusively on the hiring needs of our company. We are not currently accepting additional third-party agreements or unsolicited resumes. If you would like to be considered as a preferred partner with Park Place Technologies, please submit your detailed information to careers@parkplacetech.com. Any CVs submitted directly to hiring managers will be considered unsolicited and become the property of Park Place Technologies.

