Chief Information Security Officer
Cognism
- London
- Permanent
- Full-time
- Are Nice!
- Are Collaborative. We're in this together!
- Are Solution-Focused. For every problem, we've got a solution!
- Are Understanding.
- Celebrate Individual Contributors.
- Provide information risk management and security guidance to security teams, internal groups and development teams.
- Advise on industry leading practices and internal best practices for secure deployments, security architecture, and integration with security control frameworks.
- Advise and assist on security architecture and design.
- Develop and oversee security control objectives.
- Oversee the implementation and operation of controls to meet identified security control objectives.
- Advise operations teams supporting computer security incident response activities related to intrusion detection monitoring, scanning, cyber threat reporting, and development/implementation of vulnerability mitigation strategies.
- Assist in the development of specifications and requirements for complex computer network security for Cognism information and technical infrastructure.
- Assist Business, IT and vendor management teams in the evaluation of vendor proposals, new and existing security designs, and with support from the Security Architecture Lead, emerging security technologies and systems.
- Develop trusted advisor relationships for information risk management and security with key stakeholders and internal groups.
- Act as the customer gateway for security requests and responses.
- Develop and enhance methods and practices that can be used by security to provide repeatable and scalable engagements.
- Develop and refine the engagement model and improve end-to-end engagement and satisfaction of business and technology customers and partners.
- Actively contribute to security knowledge management capabilities to enable IRM internal knowledge sharing and customer self-service capabilities.
- Maintain visibility across the lines of business and the enterprise, representing security.
- Use knowledge gained from participating in Cognism initiatives to help shape the direction of security's overall strategy and accompanying roadmap plans, ensuring the closest possible alignment.
- Select, assign, train, and evaluate direct reports and recommend or initiate associated human resources actions.
- Develop and recommend the budget for the department and administer it in accordance with Cognism policy. Monitor actual expenditures and address variances from the approved budget.
- Develop programs, policies or procedures and oversee implementation as approved.
- Other duties as assigned.
- Background in IT Platforms and their security including:
- Security by Design approach.
- Amazon AWS environment and control capabilities.
- Microsoft 365 and Azure environment and control capabilities.
- Experience in operating and securing in SaaS operating models.
- Experience in operating and securing a DevOps and DevSecOps environment.
- PCs (Mac, Windows, Linux)
- Mobile devices (Android, iOS, Windows)
- Servers (Linux, Windows)
- Web servers (IIS, Apache, NGINX)
- Databases (SQL Server, Oracle, MongoDB, Postgres, Redis)
- Data warehouse (Redshift, Snowflake)
- Network devices (Firewalls, Proxy, NIPS, others)
- 10 years of experience in critical security functions and tools including
- Network and Infrastructure Security
- Endpoint security controls (Endpoint Protection (e.g. CrowdStrike), HIPS)
- Vulnerability scanning
- Configuration monitoring
- Risk management
- Policy management
- Inventory control and Configuration Management Database
- Incident handling
- Application security (WAFs, Static and Dynamic scanners, OWASP)
- Security event monitoring
- Data protection and encryption (HSM, SEDs, Database encryption…)
- Disaster Recovery
- Business Continuity Planning and Execution
- Vendor Management
- KPIs and KRIs
- Control Testing
- Control Frameworks including
- ISO27001/2
- NIST 800-53
- PCI
- COBIT
- COSO
- CRisk
- BSIMM
- ITIL
- HIPAA
- GDPR
- Process Engineering
- Project Management
- Two or more Industry Certification(s) such as
- CISSP
- CISM
- CISA
- GISF
- CEH
- GSSP
- CSSLP
- GCIH
- CGEIT
- MCP
- CCNA
- Others
- Bachelor's degree, Master's degree preferred (or equivalent experience)
- Ability to handle multiple tasks, prioritize and meet deadlines.
- Ability to work within a matrix organization.
- Excellent written and verbal communication skills.
- Must have ability to positively handle/manage stress, such as high work volume and frequent change.
- Must have flexibility and willingness to participate in the work processes of an international organization, including conference calls scheduled to accommodate global time zones.