Chief Information Security Officer

The Chief Information Security Officer works with other executives across different departments to design security systems and assets. The CISO’s primary responsibility is creating and implementing an information security program designed to protect enterprise communications, systems, and assets from potential threats. He/She will ensure compliance with legal security practices.

Location: YONDU HQ

Status: Active

# of Positions Available: 2

Job Description
  • Define and own a multi-year cybersecurity roadmap and key performance indicators focused on reducing cyber risk
  • Build and inspire a highly skilled and diverse Cybersecurity team. Foster a culture of trusted cross-functional partnership, service, and continuous improvement
  • Create quarterly, annual and long-term cyber security and cyber risk management goals, articulate strategies, define metrics, and provide necessary updates to executive leadership
  • Partner with leadership for the development, planning, and execution of major security initiatives. Support Yondu’s secure Software Development Lifecycle
  • Collaborate with SOC team and ISO 27001 Core team to establish appropriate security standards and provide an effective governance structure to ensure cyber compliance and accountability
  • Lead Security Incident Response, Third Party Information Security Assessment, Data Protection and Encryption, Identity & Access Management and Privileged User Access to protect customer and employee data
  • Define cyber security governance and control strategies for emerging technologies such as cloud & containerization, blockchain, etc.
  • Keep well informed of developing security threats, and proactively create strategies to understand and mitigate potential security problems that might arise from acquisitions or other big business moves
  • Other job-related activities that may be assigned from time to time.
Job Qualifications/Requirements
  • Education – Graduate with at least a Bachelor’s Degree in IT, Computer Science, Engineering, or any related course.
  • Related Work Experience – Key Industry certifications in Information Security, such as CISSP, CISM and CISA
  • Knowledge – Knowledgeable in security and operations processes.
  • Skills:
    • 15+ years of experience in Information/Cybersecurity in a public or large private technology company with a global customer base
    • 7+ years of people management experience with hands-on experience building diverse teams while promoting an inclusive organization
    • A demonstrated knowledge of information security standards (e.g., NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA) and other various security standards and policies
    • A strong understanding of the Cloud Security Model and key principles, such as CSPs’ Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Serverless Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation
    • Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex topics for understanding and critical decision making by Executive Management and the Board
    • Ability to understand not only emerging cybersecurity industry trends but also the landscape of emerging threats, making appropriate adjustments within the cybersecurity program