Chief Information Security Officer
- Expired: over a month ago. Applications are no longer accepted.
Position: Chief Information Security Officer (CISO)
As our team continues to grow, there are special opportunities for the most strategic and precise individuals.
We currently have an opening for the Chief Information Security Officer (CISO) who would serve as the process owner of all assurance activities related to the availability, integrity, and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies.
The CISO will be responsible for leading our security team in managing information technology and security while architecting, evolving, and implementing innovative threat simulation attack vectors. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. This is a hybrid position in which the CISO will also contribute to service offerings and business strategy. The CISO is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.
The CISO will lead BuddoBot's cybersecurity team of professional hackers and engineers and is responsible for designing, implementing, and maintaining relevant attack vectors and overall threat intelligence as it applies to the industries BuddoBot serves.
Due to the nature of the work performed within our organization, US citizenship is required. Must be able to pass a State and Federal criminal background check.
DUTIES AND RESPONSIBILITIES:
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
- Work directly with the business units to facilitate risk assessment and risk management processes.
- Develop and enhance an information security management framework.
- Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems, and services.
- Partner with business stakeholders across the company to raise awareness of risk management concerns.
- Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
- Oversee scheduled and ad hoc threat simulation testing activities.
- Identify, create, adjust, and simulate threat tactics and methodologies used by malicious actors.
- Identify technical problems encountered during testing and implementation of systems and direct their remediation to the appropriate blue teams.
- Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise’s computer systems.
- Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to assess how readily they could be compromised.
- Plan and design penetration methods, scripts, tests, and processes.
- Extensive tool experience and expertise (e.g., Burp Suite, ZAP, Nmap, Nessus, Wireshark, Metasploit, Hydra, Cobalt Strike, Empire, Mythic, Sliver).
- Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- Demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
- Possess solid understanding of voice and data networks, major operating systems, Active Directory, and their associated peripherals, along with MITRE ATT&CK TTPs.
- Team-oriented individual with excellent communication skills, able to explain the urgency and criticality of vulnerability issues to a non-technical audience.
- Business Acumen -- Understands business implications of decisions; demonstrates knowledge of market and competition; aligns work with strategic goals.
- Communication – Communicates clearly and persuasively in positive or negative situations; listens and gets clarification; responds well to questions; demonstrates group presentation skills; participates in meetings.
- Professionalism – Approaches others in a tactful manner; reacts well under pressure; treats others with respect and consideration regardless of their status or position; accepts responsibility for own actions; follows through on commitments.
- Judgment – Displays willingness to make decisions; exhibits sound and accurate judgment; supports and explains reasoning for decisions; includes appropriate people in decision-making process; makes timely decisions.
- Meticulous attention to detail required.
- Must exhibit effective communication skills.
- Strong organizational skills with the ability to multi-task, as well as adapt quickly to fast-paced, changing environment and requirements.
Education and Certification Requirements:
- Bachelor’s degree in information security, information technology, information security assurance, or related field is preferred.
- One or more of the following certifications is preferred:
- Offensive Security Certified Professional (OSCP)
- Certified Ethical Hacker (CEH) Certification
- GIAC Penetration Tester (GPEN) Certification
- Certified Cloud Security Professional (CCSP) – Associate of (ISC)² designation
- Systems Security Certified Practitioner (SSCP) – Associate of (ISC)² designation
- Certified Encryption Specialist (EC-Council ECES)
- A+ (CompTIA)
- Cybersecurity Analyst Certification, CySA+ (CompTIA)
- Network+ (CompTIA)
- Network Vulnerability Assessment Professional (CompTIA)
- Network Security Professional (CompTIA)
- Security Analytics Professional (CompTIA)
- Security+ (CompTIA)
- Project+ (CompTIA)
- PenTest+ (CompTIA)
- IT Operations Specialist (CompTIA)
- Secure Infrastructure Specialist (CompTIA)
- ITIL® Foundation
Background and Experience:
- 8+ years’ penetration testing experience as well as additional experience in network security, reverse engineering, programming, databases, mainframes, and web applications.
- 10+ years’ experience working with information technologies, systems analysis, and security control design implementations.
- This position requires strong organizational and communications skills to work with a technical and non-technical audience.
- Developing data dictionaries, data models, operations-based testing scenarios, security system access controls.
- Skill in mimicking threat behaviors, optimizing database performance, and performing packet-level analysis using appropriate tools.
Required Technical Skills:
- 8 to 12 years of experience in a combination of risk management, information security, and IT roles.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
- MS Office Suite (MS Excel, MS PowerPoint, MS Word)
- Red Team/Attack Simulation Tools:
- Cobalt Strike
- Burp Suite
- Experience identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).
PHYSICAL DEMANDS AND WORK ENVIRONMENT:
- General office environment. Work is generally sedentary in nature but may require movement about the office for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
- Contractor site with 0-10% travel possible
- Possible off-hours work to support releases and outages
- Occasional movement of small articles up to 10lbs
- Must be able to remain in a stationary position 50% of the time
- Continually operates a computer and other office productivity machinery
- Occasionally required to move self into different positions to accomplish tasks in various environments, including tight and confined spaces
- Continually required to communicate information and ideas so others will understand
- Continually utilize visual acuity to operate equipment, read technical information, and/or use a keyboard
The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities, or physical requirements. Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Equal Employment Opportunity Veterans/Disabled