Chief Information Security Officer
440 9th Ave, 3rd Floor, New York County, NY 10001
Job Title: Chief Information Security Officer
Status: Direct Hire
Remote: No – Onsite in NYC Required
The Chief Information Security Officer will be responsible for establishing and maintaining an enterprise-level strategy and program that ensures both physical and digital information assets and technologies are adequately protected. The CISO is responsible for the overall information security and risk management of the company. We are looking for a strong, knowledgeable cyber-security leader who can provide vision, strategy, broad-based planning, and hands-on responsibility.
- Opportunity to lead security efforts for what Newsweek calls one of "America's Best Online Shops", including multiple data centers, cloud providers, the company's megastore, offices and our 500,000+ square foot fulfillment center.
- Work for a company with a tech-savvy CEO where cyber security is the top agenda.
- Highly visible role reporting directly to the CIO, with access to all company executives.
- Work with a highly motivated, excited and active security team.
- Work with executive leadership, operations, and systems colleagues, and lead the organization in identifying, developing, implementing and maintaining processes to reduce information and information technology risks.
- PPP = Practical, Pragmatic, Pushy:
  - It's a real problem. It needs real answers.
  - Have clear short- and long-term direction.
  - Keep pushing in the right direction. Always forward.
- Be in the know!
  - Have a strong sense of how we are doing and where we objectively stand in our security posture.
  - Be up to date on security challenges and events.
- It's all about the people.
  - Get to know the culture.
  - Make people excited and motivated to move the security agenda forward.
Day to Day:
- Provide Executive Leadership a clear understanding of the exposure and risks.
- Provide Executive Leadership a practical strategy, roadmap and timelines to mitigate and manage the exposure and risk.
- Report continuing progress, challenges and risks to executive management.
- Define policies and processes that enable the Company to establish consistent, effective information security practices and minimize risk.
- The CISO determines projects and priorities for all information security issues and establishes short- and long-range business plans to achieve the security vision defined in the CISO's strategic plan.
- Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation, specifically PCI, GDPR and CCPA.
- Work with business colleagues to review RFPs, RFIs etc., and provide security and risk-related input into proposals.
- Oversee daily cyber security activities for the entire company to manage risk at an appropriate level, ensure effective response to incidents, and optimize secure data access and utilization.
- Guide the information security team and SOC to proactively analyze and directly respond to internal and external threats to system security.
- Assist in selecting third-party security vendors to strengthen our data security capabilities.
- Provide direction for Enterprise Risk Management, Business Continuity and Disaster Recovery efforts, policies and procedures, and record retention.
- Design the architecture for security programs that include:
  - Audit and Compliance functions
  - Risk Governance
  - Security Policies and Procedures
  - Security Awareness Training
- Assist in recruiting the Information Security Team.
- Define and monitor a risk-based process for vendor management, including the assessment of risks that may result from partners and service providers.
- Security incidents: take on a leadership role to triage and investigate incidents. Help determine the business impact of the incident. Lead the safe and rapid resolution of the problem. Manage internal communications and partner with the company's internal communications team to manage external communications.
- Lead the security incident debrief and own the implementation of lessons learned.
Requirements:
- Bachelor's degree in Computer Science or Information Systems Management or equivalent
- 15+ years in Information Technology or an IT related field (e.g., IT Audit)
- 10+ years in a senior Security IT role
- Hands-on experience and extensive knowledge of information security technology
- Strong subject matter experience in cloud and on-premises environments/technologies/security, application security, vulnerability testing and development of a risk appetite
- Risk management experience with proven ability to effectively apply risk principles to challenging business situations
- Review Threat and Vulnerability reports and create detailed Action Plans to address risks
- CISSP, CISM, or other equivalent security certification required
- CRISC, CISA, CISM preferred
- ITIL Certification preferred
- Hands-on technical experience with telecommunications and network security solutions (firewalls, IDS/IPS, SIEM, vulnerability assessment tools), access control systems, cryptography, physical security systems, and secure SDLC methodologies
- Ability to maintain the highest standard of confidentiality is required; lapses are not tolerated
- Experience performing multifaceted projects in conjunction with normal activities