Location: Golden Valley, MN
Date Posted: September 10, 2019
Role: Deputy CISO
JOB DESCRIPTION - Deputy Information Security Officer, DISO
This position is a middle management technology leader in the Assurance tower and reports directly to the Chief Information Security Officer (CISO). The Deputy ISO will be responsible for coordinating the day-to-day in-charge duties of planning, control work and wrap-up for the preparation of third-party attestation reports, including Service Organization Control (SOC) 1, for applying most areas of the governing standard as necessary, and for documenting, validating, testing and assessing various control systems. This position is also involved in other business process or IT assurance related engagements, including COBIT 5, HIPAA, PCI DSS, DFS NY Cybersecurity, GDPR and IT general control testing for company financial audit engagements. The role also covers the transformation of IT general controls to the COBIT 5 framework. The DISO will co-manage offshore personnel responsible for the management and maintenance of control framework narratives and evidence collection. The DISO will also participate in annual reviews of security standards, governance, data compliance and privacy management, audit, risk assessments, physical access reviews, and data destruction solutions.
The Deputy Chief Information Security Officer will, in coordination with the Assurance lead and the CISO, participate in strategic Security Governance planning by utilizing technology and process improvement to reduce the organization’s operational risk.
Participate in the development of best-in-class Enterprise Security Governance solutions for the customers.
Ensure information security standards are properly implemented, tested, and reported on by use of appropriate metrics.
Assess the impact of emerging technologies on the organization, providing Security Governance solutions to address threat landscape issues.
- The ideal candidate will be a business-minded individual with solid leadership skills, strategic planning ability, technical competencies, and proven collaboration experience in the field of information security
- The ability to effectively communicate with and influence customers and executive leadership throughout the organization, and to build relationships with people at a variety of levels
- Demonstrated experience in organizational development (e.g. mentoring, coaching, supervising, and career development)
- The ability to read, understand, and write complex technical reports, policies, and standards.
- The ability to launch and deliver one or more IT project(s), process(es), or service(s) on time and within budget
- Bachelor’s degree in Computer Science, Management Information Systems or other relevant field required
- 3 years of responsible experience in computer applications systems development, operations, technical services, or user technology
PREFERRED QUALIFICATIONS – The job requirements listed above, plus:
- 3 or more years with direct line management accountability for significant IT infrastructure including core security services, security operations, and/or applications
- 3 years of privacy program management
- Degree in computer science, information systems, business administration or related field
- Proven professional experience in the field of information security by having earned the Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified Information Systems Auditor (CISA); Certified Information Privacy Manager or Professional/US (CIPM or CIPP/US), and/or other leading nationally recognized information security certifications
- 3 years of prior experience in internal or external audit
- Experience performing internal control reviews preferred
- Completion or actively pursuing completion of CPA, CIA, CISA, CISSP or other relevant certifications
- Experience performing SOC, ISO 27001, PCI DSS and COBIT 5 engagements
- Excellent written and verbal communication, facilitation, and presentation skills with the ability to gain the confidence and respect of senior level executives
- Ability to travel
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.