Deputy CISO

Job Overview

The Deputy Chief Information Security Officer will be responsible for supporting the CISO and ensuring the organization's information security strategy is aligned with organizational priorities. As a key thought leader in the area of information security, the Deputy CISO is responsible for directing the implementation and monitoring of information security solutions, standards, and policies, enabling business initiatives. One of the key responsibilities of the Deputy CISO is to work closely with the CISO to develop and maintain the organization's information security strategy. This includes identifying and assessing security risks, defining security objectives and priorities, and ensuring that information security solutions are aligned with the organization's overall goals.Another important aspect of the Deputy CISO's role is to bridge the gap between business, information security, and technology. This involves building consensus among stakeholders, communicating the importance of inf

Expected work hours

40

Job Description

Responsibilities include but not limited to:

• Strategy - Planning: Work with the CISO to develop and implement an information security strategy that aligns with organizational priorities.
• Oversee the implementation and execution of security standards and policies.
• Develop operational-level roadmaps and execute improvement plans for underperforming security areas.
• Maintain security policy review processes and ensure compliance with laws, regulations, and regulatory guidance.
• Support compliance improvements by furnishing information relevant for audit activities and directing compliance issues to appropriate resources.
• Define local-level KPIs and collect and report necessary metrics to CISO and executive management.
• Communicate identified threat information to Division BISO and Enterprise levels.
• Support implementation and execution of the security control framework.
• Direct Areas of Responsibility: Direct oversight for a team of Business Information Security Officers aligned to key business areas to ensure consistent and high-quality information security management in support of business goals.
• Business Engagement Alignment: Determine information security approach and operating model in consultation with key stakeholders.
• Work effectively with business units to facilitate information security risk assessment and risk management processes.
• Create necessary internal networks to ensure alignment as required.
• Build out appropriate business engagement model and support functions.
• Ensure security is embedded in the project delivery process.
• Liaise with the enterprise architecture team to build alignment between the security and enterprise architectures.
• Define and Implement Information Security Frameworks: Create and manage a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements.
• Develop and maintain a document framework of continuously up-to-date information security policies, standards, and guidelines.
• Create a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection of information assets.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program.
• Thought Leadership: Build and nurture external networks to address common trends, findings, incidents, and cybersecurity risks.
• Liaise with external agencies to ensure the organization maintains a strong security posture.
• Participate in leading industry forums and consortiums to represent business interests and set standards/practices.
  
  

Requirements

Required Skills:

• Technical Expertise: Demonstrated proficiency in areas such as information policy formulation, information security management, business risk management, IT risk assessment and management, IT continuity management, IT governance formulation, organizational change management, IT financial management, and IT audit.
• Knowledge and experience working with frameworks such as NIST, ISO, FedRAMP, and a strong grasp of security principles such as zero trust and critical security controls.
• Business Acumen: A well-developed understanding of and appreciation for business needs and a commitment to leading the information security team in delivering high-quality, prompt, and efficient service to the business.
• Understanding of how information security supports business objectives.
• Strategic Leadership: Proven strategic leadership capabilities with the ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.
• Ability to lead the information security team in developing and implementing effective strategies and plans to achieve organizational objectives.
• Communication Skills: Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists.
• Ability to communicate complex technical issues to diverse audiences in an easily understood, authoritative, and actionable manner.
• Decision Making: Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Ability to make timely and sound decisions based on available data and analysis.
• Influence: An ability to effectively influence others and decisions without direct authority or where no formal reporting structures exist.
• Ability to build consensus and gain buy-in for security initiatives across the organization.
• Analytical Skills: Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Ability to analyze complex information and data, identify trends and patterns, and develop insights and recommendations.
• Project Management: Strong project management skills including financial/budget management, scheduling, and resource management.
• Ability to effectively manage projects from inception to completion, ensuring that objectives are met on time and within budget.
  
  

Required Experience:

• At least 8 years of professional experience in running an information security function, including defining information security strategy, analyzing, and applying information security risk, risk management and privacy practices, preferably in financial or banking industry.
• At least 8 years of relevant work experience, including consulting and general industry experience.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Extensive experience in strategic planning, budgeting, and allocation.
• Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
• Experience with contract and vendor negotiations.
• Up-to-date knowledge of methodologies and trends in information security, risk management, cybersecurity technologies, as well as business and IT.
• A bachelor's degree in a computer-related field or equivalent work experience.
• Master's degree, preferred.
  
  

Required Certificates Licenses, and Registrations:

• ISACA or GIAC certifications
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC) or other similar credentials
  
  

Pay Range Information

Exact compensation may vary based on skills, experience, and location.

Salary Grade Minimum - Annual

$186,000.00

Salary Grade Maximum - Annual

$341,200.00

Salary Grade Minimum - Hourly

$89.42

Salary Grade Maximum - Hourly

$164.04