The Chief Information Security Officer (CISO) determines the enterprise's information security policy and strategy and oversees the development, implementation, and enforcement of its information security standards and procedures. The CISO is in charge of IT risk evaluations, security audits, and security incident investigations, and ensures that all information systems operate correctly with respect to security policy. The role typically reports to top management and manages a departmental function within a broader corporate function: it develops major goals in support of broad functional objectives and approves policies developed within the various sub-functions and departments. The position usually requires a bachelor's degree, 8+ years of managerial experience, and comprehensive knowledge of the overall departmental function.
CISO Job Description Template
Our company is looking for a CISO to join our team.
Responsibilities:
- Review and approve security policies, controls and cyber incident response planning;
- Provide the required management reporting to the Programme Director and Functional Heads;
- Define and drive the Information Security and Assurance framework aligning to the entire life cycle of the programme;
- Define approach to Information Assurance and Accreditation;
- Accountable for Information Security across the NSoIT(D) programme;
- Maintain a current understanding of the IT threat landscape;
- Provide mentoring and leadership to the Security Assurance Co-ordinators and Security Architects;
- Develop and drive the appropriate operating model to ensure information security is embedded within the programme;
- Accountable for the identification and mitigation of security risks;
- Ensure compliance with the changing policies, laws and applicable regulations;
- Assure the information security artefacts, ensuring they align to the strategy and approach of the programme;
- Work collaboratively with the NSoIT(D) Functional Heads;
- Ensure Information Security approach, policies and procedures are communicated to all teams of the programme.
Requirements:
- Member of the Institute of Information Security Professionals;
- Certified in Risk and Information Systems Control (CRISC);
- Certified Information Systems Security Professional (CISSP);
- Extensive understanding and experience of DAIS security accreditation and HMG security policies;
- Information systems security management experience;
- ISO 27005 certification in ISMS risk management (CISRM);
- 10+ years as an Accreditor or a Security Assurance Co-ordinator on complex secure systems;
- CSTA/CSTP or Certified Ethical Hacker (CEH);
- Certified in the Governance of Enterprise IT (CGEIT);
- Certified Information Security Manager (CISM);
- Certified Information Systems Auditor (CISA);
- CCP Security and Information Risk Advisor (SIRA), Senior level;
- Recently acted as DAIS Lead Accreditor.