Chief Information Security Officer - Direct Client
Immediate Interview and Start ASAP!



Please send resume to s...@cncconsulting.com

Job title: Chief Information Security Officer

Location: Lansing, MI

Duration: 12 Months

Direct Client Position

Client: State of MI job#495441



Job Summary - Collaborating with a variety of external strategic business
and IT leaders, this senior-level consulting position must continually
refine the organization's IT Security & Risk Strategy, ensuring critical
data, assets and infrastructure are secure by keeping cyber defenses,
operations and the overall organization prepared for current and emerging
threats.  The IT Security & Risk Strategy should align with the
organization's strategy and priorities and be communicated accordingly to
executives and other stakeholders across the local government entities in
the State of Michigan.  The CISO consultant is expected to periodically
communicate strategy, critical updates, and measurable progress against
industry maturity-level targets to the IT leadership team.  Additionally,
the CISO consultant is expected to provide leadership and guidance
following a prescribed framework and to report to an appointed steering
committee.   He/she will be responsible for performing risk/security
assessments, developing an implementation plan and operationalizing it
based on organizational needs. Experience requirements for specific
cybersecurity segments are listed below.



IT Risk Management

IT Risk Management – As a partner with the internal services,
infrastructure, application and operational technology teams, the CISO will
define risk measurement standards and a repeatable ISO 27000 (or
equivalent) framework for all components of IT risk, including but not
limited to vendor, cloud, stability, supportability, regulatory, disaster
preparedness, and security.  The team will perform ongoing risk assessments
and provide executive updates / escalation as necessary.

IT Regulatory & Compliance

IT General Control (ITGC) Compliance & Audit Management – Define, measure
and drive ITGC compliance, including but not limited to defined regulatory
requirements such as PCI and HIPAA.  Partner with stakeholders to ensure
compliance with PCI, HIPAA, and other applicable standards.  Ensure all
compliance activities are mapped to defined standards (e.g. ISO, NIST,
Executive Order, COBIT). Act as primary interface to audit organizations,
including review of all IT-related audit findings, follow-ups and
management response commitments.

Security Training & Awareness – Continue to drive and expand organizational
security training and awareness through repeatable and creative initiatives
across the organization.

Data Privacy - Responsible for the direction and oversight of matters
governing appropriate access, security, privacy, and confidentiality of
employee and other sensitive personal and organization information. Ensures
organizational compliance with applicable statutory and regulatory
requirements pertaining to the subjects of information security and privacy
for the organization.  Interfaces with Legal, HR and other appropriate
departments.

Project Design & Delivery – Manage multi-vendor teams in the design,
development, deployment and support of many critical security related
projects as part of achieving overall improved maturity of IT security
capabilities.

IT Security Operations

IT Security Operations - Responsible for defining, developing, and managing
the organization's IT Security Operations function.  This includes:  1)
management of an internal security organization,  2) alignment with county
operational technology asset monitoring requirements,  3) interfacing with
third-party Managed Security Services Providers for external network
monitoring and cyber intelligence,  4) measurement of incident handling
performance, and  5) working closely with external entities (industry,
government) regarding current threats, indicators of compromise, or other
intelligence. As a partner with the internal services, infrastructure,
application and operational technology teams, the CISO will set the
direction of and deliver the overall IT Security Architecture for the
county supported by this role.



Other Key Roles & Responsibilities:

Responsible for managing the phases of the CISO-as-a-Service framework
(assessment, implementation, operations) covering all aspects of the IT
Security function, including operations, new projects, third-party vendors,
managed services and other related costs.

Conduct internal briefings with other senior leaders across the
organization on a regular basis for broad based awareness of key updates
such as cyber security operational performance, incidents or breaches, new
strategic areas of focus and critical project updates.

Define overall IT Security Strategy & Vision.  Ensure IT Security Strategy
clearly communicates future design and aligns to cyber security and risk
objectives across each part of the organization.

Present to audiences and forums internal and external to the organization
on topics related to IT security, risk and compliance.

Education, Experience, & Skill Requirements

Must possess and exhibit a high level of integrity and passion for the
disciplines of IT Security & Risk.

Ten or more years of multi-disciplined IT background.

Prefer a minimum of 4 years of experience as CISO or equivalent position
for medium-sized organizations.

Ability and experience working across multiple business and IT
organizations to develop an integrated organizational IT Security & Risk
Strategy.

Experience designing organizational IT Security Architecture,
infrastructure and applications.

Strong knowledge and experience in managing complex project plans with
interdependencies between many different projects and initiatives.

Experience working with external cyber intelligence organizations, such as
MS-ISAC (CIS), ICS-CERT (DHS), and the FBI.

Familiarity with standard risk frameworks, including ISO 27000, SANS, NIST
SP 800-53, and standard compliance frameworks.

Prefer degrees in Computer Science, Business, Engineering or Information
Systems.

Current certifications such as CISSP, CISA, and/or others as relevant will
be preferred.

Professional IT process / methodology certifications a plus (e.g., ITIL,
COBIT, Lean, Six Sigma) with experience implementing rigorous and efficient
processes / methodologies across an organization. Prefer experience as a
business or IT consultant.



Requirement summary (skill, priority, years of experience):

Multi-disciplined IT background: Required, 10 years

Experience as CISO or equivalent position for medium-sized organizations:
Required, 4 years

Degree(s) in Computer Science, Business, Engineering or Information
Systems: Highly desired, 1 year

Current certifications such as CISSP, CISA, and/or others as relevant:
Nice to have, 1 year

Professional IT process / methodology certifications (e.g., ITIL, COBIT,
Lean, Six Sigma) with experience implementing processes and methodologies:
Nice to have, 3 years

Experience as a business or IT consultant: Highly desired, 4 years

Strong knowledge and experience in managing complex project plans with
interdependencies: Required, 5 years





Please send resume to s...@cncconsulting.com



Thanks,
Sam
CNC Consulting, Inc.
201-546-3096
s...@cncconsulting.com
