I have a very urgent DIRECT CLIENT requirement for *Chief Information
Security Officer* in *Lansing, MI*. Please let me know if you have an
available candidate, and reply with their Word resume, location, rate
and contact number.


Please send the resumes to alb...@cncconsulting.com

*Job Title: Chief Information Security Officer (#495441)*
*Location: Lansing, MI*
*Duration: 12 Month*

Job Summary - Collaborating with a variety of external strategic business
and IT leaders this senior level consulting position must continually
refine the organization’s IT Security & Risk Strategy, ensuring critical
data, assets and infrastructure are secure by working to keep cyber
defenses, operations and the overall organization prepared for current and
ongoing threats.  IT Security & Risk Strategy should align with the
organization’s strategy / priorities and be communicated accordingly to
executives and other stakeholders across the local government entities in
State of Michigan.  The CISO consultant is expected to periodically
communicate strategy, critical updates, and measurable progress against
industry maturity level targets to the IT leadership team.  Additionally,
the CISO consultant is expected to provide leadership and guidance
following a prescribed framework and reporting to an appointed steering
committee.  He/She will be responsible for performing a risk/security
assessment, developing an implementation plan and operationalizing it based
on the organizational needs. Experience requirements for specific
cybersecurity segments are listed below.

IT Risk Management
•  IT Risk Management – As a partner with the internal services,
infrastructure, application and operational technology teams, the CISO will
define risk measurement standards and a repeatable ISO 27000 or equivalent
framework for all components of IT risk, including but not limited to
vendor, cloud, stability, supportability, regulatory, disaster
preparedness, and security.  The team will perform ongoing risk assessments
and provide executive updates / escalation as necessary.

IT Regulatory & Compliance
•  IT General Control (ITGC) Compliance & Audit Management –
Define, measure and drive ITGC compliance, including but not limited to
defined regulatory requirements such as PCI and HIPAA.  Partner with
stakeholders to ensure compliance with PCI and HIPAA,
and other applicable standards.  Ensure all compliance activities are
mapped to defined standards (e.g. ISO, NIST Executive Order, COBIT). Act as
primary interface to Audit organizations, including review of all
IT-related audit findings, follow-ups and management response commitments.
•  Security Training & Awareness – Continue to drive and expand
organizational security training and awareness through repeatable and
creative initiatives across an organization.
•  Data Privacy – Responsible for the direction and oversight of
matters governing appropriate access, security, privacy, and
confidentiality of employee and other sensitive personal and organization
information. Ensures organizational compliance with applicable statutory
and regulatory requirements pertaining to the subjects of information
security and privacy for the organization.  Interfaces with Legal, HR and
other appropriate departments.

•  Project Design & Delivery – Manage multi-vendor teams in the
design, development, deployment and support of many critical security
related projects as part of achieving overall improved maturity of IT
security capabilities.

IT Security Operations
•  IT Security Operations – Responsible for defining, developing,
and managing the organization’s IT Security Operations function.  This
includes: 1) management of an internal security organization, 2)
alignment with county operational technology asset monitoring
requirements, 3) interfacing with 3rd party Managed Security Services
Providers for external network monitoring and cyber intelligence, 4)
measurement of incident handling performance, and 5) working closely with
external entities (industry, government) regarding current threats,
indicators of compromise, or other intelligence. As a partner with the
internal services, infrastructure, application and operational technology
teams, the CISO will set the direction of and deliver the overall IT
Security Architecture for the county being supported by this role.

Other Key Roles & Responsibilities:
•  Responsible for managing the phases of the CISO as a Service
framework (assessment, implementation, operations) covering all aspects of
the IT Security function, including operations, new projects, third party
vendors, managed services and other related costs.
•  Conduct internal briefings with other senior leaders across the
organization on a regular basis for broad based awareness of key updates
such as cyber security operational performance, incidents or breaches, new
strategic areas of focus and critical project updates.
•  Define overall IT Security Strategy & Vision.  Ensure IT
Security Strategy clearly communicates future design and aligns to cyber
security and risk objectives across each part of the organization.
•  Present to audiences and forums internal and external to the
organization on topics related to IT security, risk and compliance.

Education, Experience, & Skill Requirements
•  Must possess and exhibit a high level of integrity and passion
for the disciplines of IT Security & Risk.
•  Ten plus years overall of multi-disciplined IT background.
•  Prefer minimum of 4 years of experience as CISO or equivalent
position for medium sized organizations.
•  Ability and experience working across multiple organization and
IT organizations to develop an integrated organizational IT Security & Risk
Strategy.
•  Experience designing organizational IT Security Architecture,
infrastructure and applications.
•  Strong knowledge and experience in managing complex project
plans with interdependencies between many different projects and
initiatives.
•  Experience working with external cyber intelligence
organizations, such as MS-ISAC (NERC), ICS-CERT (DHS), FBI.
•  Familiarity with standard risk frameworks, including ISO 27000,
SANS, NIST 800-53, and standard compliance frameworks.
•  Prefer degrees in Computer Science, Business, Engineering or
Information Systems.
•  Current certifications such as CISSP, CISA, and/or others as
relevant will be preferred.
•  Professional IT process / methodology certifications a plus
(e.g., ITIL, COBIT, LEAN, Six Sigma) with experience implementing rigorous
and efficient process / methodology across an organization. Prefer
experience as a business or IT consultant.

Skill | Required / Desired | Years
----- | ------------------ | -----
Multi-disciplined IT background | Required | 10
Experience as CISO or equivalent position for medium sized organizations | Required | 4
Degree(s) in Computer Science, Business, Engineering or Information Systems | Highly desired | 1
Current certifications such as CISSP, CISA, and/or others as relevant will be preferred | Nice to have | 1
Professional IT process / methodology certifications (e.g., ITIL, COBIT, LEAN, Six Sigma) with experience implementing processes and methodologies | Nice to have | 3
Experience as a business or IT consultant | Highly desired | 4
Strong knowledge and experience in managing complex project plans with interdependencies | Required | 5

Very Truly,

Albert Smith
CNC Consulting, Inc
The enterprise resource for staff augmentation
201-588-9137 P
201-541-9128 F
alb...@cncconsulting.com
www.cncconsulting.com
