As a technical and hands-on Chief Information Security Officer (CISO) reporting to the CIO, you will be responsible for establishing and executing the strategic enterprise vision and proactive program to ensure all of Constant Contact's information assets, employees, customers, and technologies are adequately protected.
What You'll Do:
- Strategy and Leadership:
  - Develop and communicate the organization's cybersecurity strategy, vision, and goals to executive management, board members, and employees.
  - Provide leadership and guidance to the information security team, fostering a culture of accountability, transparency, and proactive continuous improvement in cybersecurity practices.
  - Collaborate on the overall business technology plan with Engineering, Product, Legal, and Revenue, providing current knowledge and a future vision of security technology and systems.
  - Oversee a team of security professionals to execute on the security roadmap.
- Risk Management:
  - Identify, assess, prioritize, and manage cybersecurity risks to the organization's information assets.
  - Develop and maintain the organization's risk management framework, policies, procedures, and standards.
- Security Operations:
  - Oversee the operation of the enterprise's security solutions, including the deployment, monitoring, and maintenance of infrastructure, intrusion detection/prevention systems, endpoint security solutions, etc.
  - Lead security incident response planning and execution to mitigate potential threats and minimize impact.
  - Develop and achieve individual and team-focused security OKRs.
- Compliance and Audit:
  - Ensure the organization's compliance with relevant regulations, laws, and standards pertaining to information security.
  - Collaborate with internal and external auditors to conduct regular security assessments and audits, and to achieve successful recertification of SOC 2.
- Training and Awareness:
  - Promote security awareness and coordinate security training programs for employees at all levels of the organization.
  - Foster a culture of proactive cybersecurity awareness and accountability throughout the organization.
- Vendor and Third-Party Risk Management:
  - Evaluate, monitor, and manage risks associated with third-party vendors and service providers.
  - Ensure contracts include appropriate security requirements and conduct regular assessments of vendor security practices.
- Budget Management:
  - Develop and manage the information security budget, ensuring optimal allocation of resources and investments in line with organizational priorities.
Who You Are:
- Proven experience (8+ years) in a senior-level information security management role.
- Degree in Computer Science, Information Technology, or a related field (advanced degree preferred).
- Professional Security certifications such as CISSP, CISM, or CISA.
- Experience achieving certification against common information security management frameworks, such as SOC 2, ISO/IEC 27001, and NIST.
- Strong understanding of cybersecurity technologies, risk management frameworks, and global regulatory requirements (GDPR, CCPA, etc.).
- Experience in a SaaS company.
- Experience with cloud and hybrid security principles and practices.
- Track record of successfully building and leading high-performing global cybersecurity teams.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Experience with contract and vendor negotiations and management, including managed services.