Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) will be responsible for determining enterprise information security standards for Netex. The CISO develops and implements information security standards procedures and ensures that all systems are functional and secure. This person will be familiar with a variety of the field’s concepts, practices, and procedures and will rely on extensive experience and judgment to plan and accomplish goals. The position requires frequent interaction and presentations to customers, the executive committee and the Board of Directors.

Our ideal CISO candidate will focus on protecting valuable information and maintaining the confidentiality and integrity of data through advanced knowledge of security management, network security and protocols, data and application of solutions, and knowledge of industry trends and current and emerging risks. A key responsibility will be advising leadership on enterprise security strategy, security architecture, and security design work; works with business stakeholders to define the security and privacy policies.

Required Skills:

• MS in Computer Science desired

• 5+ years working on a security team or consulting

• Experience with security management frameworks such as ISO 27001

• Knowledge of secure development methodologies such as (PCI-DSS, Data security and Privacy Shield)

• Experience securing Ebay and Amazon Web Services (EC2, S3, VPC, etc)

• Understanding of the security threat landscape

• Re-engineering / process improvement experience, leading and coaching security improvement projects.

• Ability to interface with senior management

• Strong leadership, motivation and change management skills required

• Project management skills must be highly developed.

Responsibilities:

• Performing vulnerability assessments;
• Conducting security audits and making policy recommendations to mitigate risks;
• Developing and updating business continuity and disaster recovery plans;
• Planning, implementing, monitoring and troubleshooting internal information technology security policies, application security and access control;

• Maintain relationships with local, state and federal law enforcement and other related government agencies.

• Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.

• Work with internal and external consultants as appropriate for independent security audits.