CISO professional

Reporting to the Chief Operating Officer (COO), with a matrix reporting relationship to the India-based Development Centre Leader and Regional General Manager, this role serves as the focal point for Information Security policy and internal operations for Milestone globally.
Define, implement, and manage a comprehensive IT security program that supports corporate business objectives, ensures adherence to regulatory requirements, and continually focuses on improving our security posture
Collaborate with global, cross-functional teams and senior business leaders to provide the corporate vision and define the Information Security strategy; effectively balance the business needs of our internal stakeholders and customers in addition to focusing on adherence to regulatory and compliance needs
Use a risk-based approach to provide leadership, direction, and prioritization in assessing and evaluating information security risks across the organization with a high level of integrity and discretion, positioning the identified risks with executives and ensuring the execution of the agreed upon mitigation/remediation steps
Socialize the resulting strategy to create alignment and support for these goals and initiatives, communicating regularly to ensure that leadership at all levels is informed about efforts and trends impacting the overall effectiveness of the information security programs; determine critical performance criteria and metrics
Identify and advocate for investments to achieve the security strategy by aggressively managing capital and operating budgets and providing thorough ROI analyses to recommended new IT spending, as appropriate
Assume responsibility for the ongoing development and implementation of the information security project portfolio, incident response and security policy frameworks, security compliance activities, threat and vulnerability management, as well as administration of the Milestone information security training and awareness program, providing specialized triaging in areas of high sensitivity
Define, drive, and manage the corporate information security technology architecture spanning security solutions across the enterprise, continually keeping abreast of new solutions and positioning them within the enterprise
Define security requirements to allow for corporate and external service compliance to industry standards, including HIPAA, PCI, SOC2, SOX, Privacy Shield, GDPR, and other regulatory data handling
Evangelize compliance requirements across the enterprise, partnering with cross-functional teams to ensure compliance across the enterprise and, when required, lead these teams in cross-functional efforts
Ensure execution of required testing and auditing activities by internal and external parties, leading to the successful certification of the company on an ongoing basis
Lead, recruit, mentor and develop an IT Compliance Analyst (Hyderabad) to assist with IT Security and Compliance tasks

Bachelor s Degree
15+ years of relevant industry experience
Seasoned information security expert with a solid external reputation who has built/led a broad security organization, set strategic direction at the executive level, engaged with senior leaders, influenced/gained consensus on critical initiatives, and has a record of measurable results
Technically conversant and able to be hands-on with a demonstrated track record of success in an organization of similar size and scale that influenced growth, strategic direction, and change
Experience implementing risk management programs that can effectively identify, prioritize, and manage security-related risks for the business; e.g., SOX, PCI-DSS, HIPAA, and GLBA
Experience implementing information security management frameworks (e.g., ISO/IEC 27001, ISO/IEC 27017/27018, CIS, NIST 800-53, etc.)
Demonstrated experience with developing and implementing an information security awareness and training program
Demonstrated success working with internal audit, external auditors, outside consultants, and legal affairs in a lead capacity
Demonstrated experience with large-scale projects and transformational initiatives
Self-starter who can effectively function with minimal day-to-day oversight and who thrives on a dynamic and aggressive business challenge
Strong intellectual curiosity to learn about relevant emerging IT trends, such as Artificial Intelligence, and solve customer problems in innovative ways
Effective verbal and written communication skills required
Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) or related certifications strongly desired