JOB TITLE: Virtual Chief Information Security Officer (vCISO)
This position is contingent upon award.
POSITION SUMMARY:
The CISO will provide expert virtual cybersecurity services up to twenty (20) hours a week during normal business hours except in the event of a security incident or breach. The organization seeks a fresh perspective on its security measures and protocols to not only improve its posture, but also to identify new risks and opportunities. The vCISO will also be responsible for leading company efforts to address the nine (9) elements of the Gramm-Leach-Bliley Act (GLBA) for compliance purposes.
DUTIES & RESPONSIBILITIES:
- Identify, estimating, and prioritizing information cyber security risks.
- Examine current technology, security controls, policies, and procedures to assess potential threats or attacks; and
- Evaluate company threat landscape, vulnerabilities, and cyber gaps that pose a risk to its assets.
- Act as Qualified Individual (QI) to present quarterly reports to Board of Trustees and leadership as required and specified by GLBA.
- Develop an information security program using a framework such as National Institute of Standards and Technology (NIST) 800-53, Center of Internet Security (CIS) Critical Security Controls, or CIS Implementation Group 1 (IG1) that protects HCC in accordance with GLBA security requirements.
- Provide information security leadership, communication, investigation, mitigation, containment and post-incident analysis in the event of a cyber incident.
- Update and enhance existing cybersecurity policies and procedures as required by GLBA.
- Provide guidance when analyzing real-time threat analysis identified by security operations center.
- Perform third-party and partner evaluations Higher Education Community Vendor Assessment Toolkit (HECVAT).
- Develop and implement the strategy to conduct regular security audits and assessments to identify vulnerabilities and ensure compliance with security policies.
- Write a clear and concise incident response plan that meets industry standards.
- Participate in meetings as needed. (i.e. weekly, monthly, quarterly, ad hoc, etc). Under normal circumstances, in-person meetings are not required. In the event of an incident or breach, an in-person meeting may be required
CYBERSECURITY INCIDENT OR BREACH
In the event of a cybersecurity incident or breach, the vCISO will:
- Implement the incident response plan, ensuring that all relevant teams are mobilized and aware of their roles and responsibilities.
- Oversee the initial assessment to understand the scope and impact of the incident or breach.
- Coordinate with internal stakeholders, including senior management and the board of directors, to keep them informed about the incident or breach and the steps being taken to address it.
- Lead the investigation to determine the cause of the incident or breach, how it occurred, and what data or systems were affected.
- Oversee the remediation efforts to fix vulnerabilities and restore affected systems.
- Ensure that all actions taken during the incident or breach response are thoroughly documented.
- Conduct a post-incident review to evaluate the response and identify lessons learned.
- Provide a full written report of the incident, nature of the breach, compromised information, and correction actions taken to prevent future incidents or breaches.
EXPERIENCE & QUALIFICATION REQUIREMENTS:
- Bachelor’s degree in cybersecurity, computer science, information technology, or a related field from an accredited higher education institution in the United States. Master’s degree is preferred.
- Must possess at least 7-10 years of experience in IT security-related roles such as security analyst, network administrator, or similar positions.
- Must possess experience in management or leadership roles as CISOs need to lead teams and make strategic decisions.
REQUIRED CERTIFICATION(S)
- Must possess at least one of the following related certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
KNOWLEDGE & SKILLS Technical Skills:
- Demonstrate a deep understanding of information security principles, practices, and technologies. Leadership and Communication.
- Possess strong leadership, communication, and strategic planning skills are essential.
- Possess knowledge of regulatory requirements and risk management practices.
CONTINUING EDUCATION
- With the cybersecurity industry constantly evolving, shall remain up to date on the latest trends and threats and prioritize continuing education
Talantage, LLC is committed to presenting candidates that contribute to an organizations culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our recruitment practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, or veteran status.
Powered by JazzHR
lyTwXegQAq