Chief Information Security Officer (CISO)

Position Overview

Chief Information Security Officer (CISO)

strategic vision and hands-on execution capabilities

Key Responsibilities

• Strategic Leadership
• Develop, implement, and maintain the organization’s information security strategy, aligning with business objectives.
• Provide leadership, guidance, and direction to the cybersecurity and IT risk teams.
• Risk Management & Compliance
• Identify, assess, and mitigate security risks across the organization.
• Ensure compliance with industry standards and regulations such as ISO 27001, GDPR, HIPAA, SOC 2, PCI-DSS, etc.
• Lead periodic security audits and third-party risk assessments.
• Incident Response & Threat Management
• Oversee the development and execution of incident response plans.
• Manage investigations of security breaches, root cause analysis, and post-incident remediation.
• Stay ahead of emerging threats and implement proactive defense measures.
• Policy & Governance
• Establish and enforce security policies, standards, and procedures.
• Collaborate with legal, compliance, and risk teams to address regulatory requirements.
• Security Awareness & Training
• Promote a security-conscious culture through awareness programs.
• Conduct employee training on security best practices and cyber hygiene.
• Technology & Innovation
• Evaluate and implement security tools, technologies, and frameworks.
• Drive innovation in cybersecurity operations through automation and AI-based solutions.
• Hands-on execution in critical projects, ensuring technical depth in security operations.
• Cloud security expertise is highly desirable, particularly AWS-specific experience in securing cloud workloads, networks, and applications.
  

Qualifications

Education & Experience

• Bachelor’s or Master’s degree in Information Security, Computer Science, Information Technology, or a related field.
• 10+ years of progressive experience in information security roles, with at least 5 years in a senior leadership position.
• Proven track record in cybersecurity strategy, incident management, and regulatory compliance.
  

Certifications (Preferred)

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• AWS Security Specialty or equivalent cloud security certification
• ISO 27001 Lead Implementer or similar
  

Skills & Competencies

• Strong knowledge of network security, cloud security (AWS preferred), and application security.
• Excellent understanding of risk management frameworks (NIST, ISO, COBIT).
• Exceptional leadership, communication, and decision-making skills.
• Ability to work cross-functionally with executive leadership, IT, and business units.