
Managing Director, Information Security (CISO)

The Institute of Internal Auditors Lake Mary, FL

  • Expired: February 28, 2021. Applications are no longer accepted.

The CISO serves as the process owner of assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the organization's information security policies. A key element of the CISO's role is working with the Chief Risk Officer (CRO) and Chief Counsel to determine acceptable levels of risk for the organization. In summary, the CISO is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.

The IIA is a global organization with Affiliates worldwide who store and process our member information; the CISO will also serve as the process owner for securing the transfer of member and business-sensitive data.

GENERAL RESPONSIBILITIES

The Managing Director/CISO: Develops, implements, and monitors a strategic, comprehensive enterprise information security and Information Technology (IT...

risk management program. Facilitates and manages the development, modification, and operation of security protocols, including intrusion detection and prevention systems, to protect the IIA from breach or asset loss. In conjunction with the CRO, General Counsel/Chief Privacy Officer, and Chief Information Officer (CIO), develops and provides guidance on policies (e.g., acceptable use), risk management, incident response, security protocols, and applicable laws/regulations to employees.

Assesses the adequacy and recommends updates as necessary to the Disaster Recovery and Business Continuity Plans. Assesses compliance with the IT Risk Management Policy and works with the CRO and CIO, who have joint accountability for compliance with the Policy, to address potential areas of non-compliance and opportunities to strengthen the IT control environment. Maintains a dynamic IT security risk assessment within The IIA Risk Management business unit's ERM application.

In addition, facilitate metric Periodically reassesses, updates, and enhances, as warranted, the information security management and cybersecurity frameworks. Interacts with related disciplines via committees and other sources to identify and ensure the consistent application of policies and standards across all technology projects, systems, and services. Coordinates with external entities, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.

Partners with business stakeholders across the company to raise awareness of IT risk management concerns. Assists with the overall business technology planning, providing a current knowledge and future vision of technology and system security best practices.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Essential duties and responsibilities of the CISO include: Performing real-time analysis of immediate threats and conducting triage and root cause analyses when issues (e.g., breach) are identified. Keeping abreast of developing security threats, and helping the Board and Executive Leadership Team understand potential security risks that might arise from Digital Transformation projects and/or changing business models.

Evaluating systems for vulnerabilities by conducting periodic audits and due diligence checks of security protocols. The CISO recommends modifications to security protocols as required. Implementing a control environment that mitigates risks pertaining to a) unauthorized access to systems and data, b) internal and external fraud, and c) misuse of data.

Facilitates metrics and reporting to measure the efficiency and effectiveness of the security program. Planning, procuring, and implementing necessary hardware and software to ensure the IT infrastructure and topology is designed and operating with best security practices. Providing guidance on IT projects, including the evaluation and recommendations of technical controls.

Education and/or Experience

Undergraduate degree in Business Ad
