Under the general direction of the President, the CISO is responsible for the oversight, development, implementation, and maintenance of our security strategy and governance framework. The CISO ensures the confidentiality, integrity, and availability of digital assets, data, and IT infrastructure by proactively assessing threats and implementing security frameworks and architectures. This position focuses on risk management, policy enforcement, business continuity, incident response, and compliance with state/federal laws to protect Foundation data and assets.
The CISO is responsible for overseeing the physical security aspects of our information environment to ensure that facilities, hardware, and supporting infrastructure are protected against unauthorized access, damage, theft, and other physical threats.
The CISO is a trusted advisor to the executive leadership team and the Board of Trustees on cybersecurity risk and compliance matters and is the primary authority on information security.
Essential Functions:
Manage the development and implementation of security policies, standards, guidelines, and procedures to ensure ongoing adherence to security standards, such as NIST. Coordinate the implementation and adherence of these requirements across all levels and programs.
Manage the Security Office personnel by directing staff in their day-to-day assigned duties such as threat hunting, analysis of security events and incidents, validating compliance with the information security program and implementing changes that improve overall security. Develop, mentor and retain staff and ensure their skills are kept up to date as new threat vectors and technologies evolve.
Align building access controls, surveillance, visitor management, and facility protection measures with cybersecurity policies and regulatory requirements to maintain the confidentiality, integrity, and availability of critical systems and data.
Lead the security architecture function, ensuring that all new and existing systems are designed with appropriate security controls and protocols.
Direct enterprise-wide security risk assessments, gap analyses, and audits, ensuring timely mitigation of identified vulnerabilities and risks. Work with outside consultants as appropriate for independent security and compliance audits.
Manage security incident response planning and oversee forensics, investigations and post-incident reviews of any security incidents. Assist with disciplinary and legal matters associated with such breaches as necessary.
Coordinate, implement and maintain the Business Continuity and Disaster Recovery Program.
Work with the Executive Team to recommend security and business continuity related expenditures for budgetary purposes that align with compliance requirements, identified business risks, and planned strategic initiatives.
Foster a culture of security awareness by conducting recurring information security awareness training, establishing metrics to measure effectiveness, and communicating results.
Gather metrics and prepare reports that reflect the effectiveness, efficiency and performance of security operations and include incident response, compliance and risk management. Present these findings as needed.
Collaborate with management to provide training, develop procedures, and monitor security activities.
Maintain appropriate relationships with government agencies, contractors, partners, and vendors.
Work with Legal as appropriate to ensure that information security requirements are included in contracts.
Keep abreast of latest security industry practices, legislation and regulations pertaining to our mission.
Actively monitor and assess the latest information on security threats, advisories, alerts, and trends.
Perform other duties as assigned.
Education:
Bachelor's degree in Computer Science, Information Systems, or related field required. Master's degree (MS, MBA, MPA) desired.
CISSP, CISA, GIAC, or CISM certification
location: Raleigh, North Carolina
job type: Permanent
work hours: 9am to 5pm
education: Bachelors
qualifications:
Experience Required:
Ten (10) years of progressively responsible experience in cybersecurity and information technology, including at least 3 years in a senior leadership position.
Proven experience in designing and managing enterprise-wide security programs, policies, and risk mitigation initiatives.
Demonstrated experience in compliance, data privacy laws, risk management, incident response, and security frameworks.
Proven ability to interpret legislation, regulations, standards and guidelines.
Experience with business continuity planning, auditing and risk management, as well as contract and vendor negotiation/management.
Experience Preferred:
Working knowledge of NIST standards and guidelines.
Skills:
Ability to communicate security-related concepts to a broad range of technical and non-technical staff.
Ability to build and maintain strong relationships with internal and external stakeholders at all levels in an organization.
Ability to inspire and manage a high-performing team.
Ability to handle high stress situations calmly and effectively.
Ability to organize, plan, and prioritize work.
Ability to communicate effectively and interface with customers and vendors in support and troubleshooting modes.
Ability to interpret and apply applicable laws, codes, regulations and standards.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact HRsupport@randstadusa.com.
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.