CISO

About The Position

Requirements

• Undergraduate degree in related field
• 8+ years of experience working with standards/regulations impacting information security (e.g. PCI, HIPAA, SOX)
• 6+ years of experience with information security internal & external audits, contract compliance, and quality initiatives
• Must have experience in identifying and utilizing a risk based management model.

Nice To Haves

• At least one of the following certifications: CISSP, CISM, SSCP, CEH, or CSSLP
• Previous experience in Public Sector/SLED
• Security/Consulting industry experience working in a customer facing role with customer relationship management experience at the senior level
• Familiarity with information security technologies and issues on multiple platforms
• Significant experience in application and integration of globally accepted security standards
• Advanced knowledge of server and desktop configurations that will protect systems from unauthorized access and software invasion
• Strong understanding of networking technologies
• Advanced knowledge of network security that pertains to communications, computer system environments and related infrastructures

Responsibilities

• Ensure the delivery of information security services to the customer is in compliance with the contract and any applicable standards and regulatory requirements (e.g., PCI, SOX)
• Collaborate with the client in the definition and implementation of information security policies, strategies, procedures and configurations in order to ensure confidentiality, integrity and availability of client’s environment and data
• Participate with the customer in the strategic design process to translate security and business requirements into processes and systems
• Evaluate new / emerging security products and technologies and make recommendations to customer leadership in regards to the security posture impact on the organization
• Identify, review and recommend information security improvements as they relate to the achievement of the customer’s business goals and objectives
• Participate in internal and external audits for the customer (e.g., PCI, SOX) and coordinate information security services activities
• Manage and drive remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits and Critical Practice assessments
• Identify information security weaknesses and/or gaps in the customer’s current operations and work with the customer to bring information security operations up to standards
• Participate and represent IT Security in Delivery/Operational meetings; conduct an information security operational review meeting with account (e.g., Customer Delivery Executive) and customer (e.g., CISO) key stakeholders with topics including information security status and performance
• Review service management reports to ensure tickets (i.e., incidents, problems, requests, changes) related to information security, are being acknowledged, worked and Service Level Agreements are being met; provide direction on ticket remediation and ensure remediation is complete
• Conduct an ongoing security awareness program for NTT DATA personnel supporting the customer ensuring individuals understand and are compliant with the relevant information security obligations in support of the customer; program should address relevant security topics and adequately provide guidance on security policies and supporting documentation
• Cultivate trusted partner relationships with account and customer; keep consistent and open dialogue to uncover issues, challenges, risks
• Maintain an information security strategy (forward looking roadmap), for your customer, aligning services / portfolio components to the strategy