The Virtual CISO role combines technical expertise, strategic thinking, and leadership skills to ensure the organization's information assets are protected, risks are managed effectively, and compliance requirements are met.
Your responsibilities will be:
➢ Develop Information Security Strategy: The vCISO is responsible for developing and implementing an organization's overall information security strategy and roadmap. This includes identifying security goals and objectives, assessing risks, and creating plans to mitigate them.
➢ Security Governance and Compliance: The vCISO ensures that the organization complies with relevant security regulations, standards, and frameworks. They establish and maintain security policies, procedures, and guidelines, and monitor compliance with them.
➢ Risk Management: The vCISO identifies and assesses potential security risks and vulnerabilities in the organization's systems, networks, and applications. They develop risk mitigation plans and work with relevant stakeholders to implement appropriate controls.
➢ Incident Response and Management: The vCISO establishes an incident response plan to handle and respond to security incidents and breaches effectively. They coordinate incident response activities, conduct post-incident analysis, and recommend improvements to prevent future incidents.
➢ Security Awareness and Training: The vCISO develops and delivers security awareness and training programs to educate employees about security best practices, policies, and procedures. They promote a culture of security within the organization.
➢ Vendor and Third-Party Risk Management: The vCISO assesses the security posture of vendors and third-party partners, ensuring they meet the organization's security requirements. They establish and enforce security standards for third-party contracts and conduct regular audits to monitor compliance.
➢ Security Architecture and Technology: The vCISO advises on the selection and implementation of security technologies, such as firewalls, intrusion detection systems, encryption tools, and vulnerability management systems. They ensure that the organization's security architecture aligns with industry best practices.
➢ Incident Monitoring and Threat Intelligence: The vCISO oversees monitoring security events and alerts to identify potential threats and vulnerabilities. They stay updated on the latest security trends, emerging threats, and industry developments to proactively address security risks.
➢ Team Leadership and Collaboration: The vCISO collaborates with internal teams, such as IT, legal, and executive management, to integrate security into business processes and initiatives. If applicable, they provide leadership, guidance, and mentorship to the security team.
➢ Continuous Improvement: The vCISO continuously assesses the effectiveness of the organization's security program, identifies areas for improvement, and implements necessary changes to enhance the overall security posture.
➢ 10+ Information Security Management background, knowledge, and/or experience.
➢ Expert knowledge of and ability to implement technical aspects of HITRUST, HIPAA, ISO, SOC, NIST 800-171 and other compliance standards.
➢ Experience with SOC 2 or CMMC preferred.
➢ Prior history as a Qualified Security Auditor (QSA) and/or HITRUST assessor.
➢ Risk Management Framework (RMF) requirements.
➢ Relevant GRC / Audit / Security / Cloud Certifications.
➢ Resource management principles and techniques.
➢ Ability to detail unique compliance control requirements within HITRUST, & GDPR.
➢ Ability to demonstrate a strong understanding of network/system/application designs and virtualized environments.
➢ Strong leadership and communication skills.
➢ Ability to build and maintain relationships with customers within all layers of an organization.
➢ Excellent verbal and written English skills.
➢ Able to work independently and efficiently to meet deadlines.
➢ Self-motivated and detail-oriented.
What we offer:
➢ Great experience in a global cyber security company.
➢ Opportunity to grow with the company in any area you choose.
➢ Direct contract with the American company.
➢ Open-minded, professional team that will be developing & supporting you.
➢ Paid vacation and sick leaves.
➢ Paid Voluntary Time Off and Mental health day.
➢ Paid professional training.
➢ Medical insurance after the integration period.
➢ Flexible, remote work environment😊
Join our Team!