Location: Boca Raton,FL, USA
Full Time/Perm (On-Site)150K - 180KLeading IT company in Boca Raton, FL is seeking a Chief Information Security Officer (CISO) to manage a small team of Security Analysts, maintain a consolidated privacy and security program, and conduct audits to achieve validation of compliance with PCI, DSS, HIPAA and other privacy laws and compliance mandates for the company technology and security program.We are looking for a CISO with a strong background in Information Security, Privacy, and Compliance. The ideal candidate will have strong knowledge and significant experience in Risk Management, Compliance Management, Data Protection and Privacy, Governance, Vendor/Customer Contract Management, and strong communication skills.This position is highly technical and involves working with various technical groups and critical infrastructure to build effective analysis capabilities to better protect the organization from cyber-attacks and threats.This position reports directly to the CTO.Responsibilities:Develop and maintain a consolidated privacy and security program that integrates requirements across various compliance mandates, including PCI DSS, HIPAA, HITRUST, GDPR, and CCPA.Actively manage the implementation of and validate adherence to security practices across the organization to comply with various privacy law and compliance mandates.Support and lead a team of security practitioners in various practices such as incident management, application security, vulnerability management, and auditing.Resolve allegations of non-compliance with corporate policies or notice of information practices.Govern security-specific metrics that demonstrate the performance of the security program, including reduction in program cost, reduction in security incidents, and positive independent security assessment outcomes.Report on a periodic basis to the CTO or committee regarding the status of the security and privacy program.Mature the Privacy and Security program to better support the organization's core business strategy as an enabler for driving business development initiatives.Provide strategic guidance to corporate officers regarding risk to information resources and technology.Provide leadership in the planning, design, and evaluation of privacy and security-related projects.Conduct audits of business partners to achieve independent validation of compliance with PCI, DSS, HIPAA, and other privacy laws and compliance mandates for the company's technology and security program.Maintain and mature a corporate-wide privacy and security training program.Oversee appropriate sanctions for failure to comply with corporate privacy policies and procedures.Actively monitor the regulatory and legislative landscape for changes in requirements to protect the security and privacy of regulated data.Requirements:Eight (8) years progressive experience in Information Security or a related field.Three (3) years' experience in a supervisory or senior level (plan, organize, and direct the work of a technical staff).Four (4) years' experience in technical program management.Cyber-Security Certifications (CISSP, CISM, CISA, etc.).Active proficiency in the following areas:Networking and communications protocols (TCP, HTTP, FTP, DNS, etc.).Security architecture: firewalls, trust-boundaries, encryption, segmentation strategies, Cloud services, etc.Internet security, including transport security and web application security.Incident response and management (SIEM, IDS, forensic techniques, etc.).Security auditing (vulnerability and penetration testing).Identity and access management.Business resilience planning.Data privacy, including GDPR, CCPA, etc.Compliance management, including service provider management, PCI DSS, and HIPAA compliance auditing.A comparable combination of education, training, and experience which provides the requisite knowledge, skills, and abilities for this position may be substituted for the minimum qualifications.#J-18808-Ljbffr