Chief Information Security Officer
: Job Details :

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. The CISO will proactively work with business units and partners to implement practices that meet agreed-on policies and standards for information security.

Essential Duties and Responsibilities: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the consortium's business objectives, and ensure senior stakeholder buy-in and mandate.

• Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.

• Facilitate an information security governance structure through the implementation of a hierarchical governance program.

• Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.

• Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.

• Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.

• Build and nurture external networks consisting of industry peers, partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.

• Create a risk-based process for the assessment and mitigation of any information security risk consisting of supply chain partners, vendors, consumers and any other third parties. • Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the consortium is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.

• Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation. • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

• Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.

• Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.

Qualifications:

• Bachelors degree in Computer Science, Information Technology or equivalent work experience.

• Master's degree in cybersecurity or management preferred

• Minimum of 10 years of experience in a combination of risk management, information security and IT

• Five years of experience in executive leadership roles, ideally as a CISO or similar position

• CISSP, CISM or CISA certifications a plus

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to convey complex security concepts to non-technical audiences • Strategic leader and builder of both vision and strategy

• General understanding of information security regulations and compliance requirements, including PCI, IT General Controls, SOC1, SOC2, FFIEC and NCUA.

• Experience leading, motivating and inspiring teams

• Strong customer service orientation.

• Proven analytical and problem-solving abilities.

• Ability to effectively prioritize and execute tasks in a high-pressure environment.

• Strong interpersonal skills.

• Adept at reading, writing, and interpreting technical documentation and procedure manuals.

• Ability to conduct research into hardware and software issues and products as required. • Ability to present ideas and solutions in user-friendly language.

• Highly self-motivated and directed.

• Keen attention to detail.

• Skilled at working within a team-oriented, collaborative environment.

Supervisory Responsibilities:

• Yes

Travel required for this position

Compensation and Benefits

• Salary range between $230,000 and $300,000
• In addition, this position is eligible for an annual bonus eligibility with a target payout of 20%, based on company and individual performance.
• The OTS Benefits package includes medical/dental/vision insurance, flexible spending accounts, 401(k) plan with fully vested matching, PTO, life insurance, short-term disability, long-term disability, holiday pay, student loan paydown program, tuition reimbursement, loan discounts, service anniversary bonuses, recognition program. employee referral program, and employee activities

Physical Requirements: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. • While performing the duties of this job, the employee is required periodically to sit, climb or balance, stoop, kneel, crouch or crawl and reach with hands and arms • The employee is regularly required to sit for long stretches of time speaking on the phone • Requires extensive typing • Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components. • The employee may be required to lift up to twenty-five pounds. • Job has the following vision requirements: close, distance, color, peripheral, depth perception, and ability to adjust focus. Work Conditions: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. • General office environment with low noise levels • 40-hour on-site work week