Chief Information Security Officer Job Descriptions, Average Salary, Interview Questions

Because of our deep commitment to satisfaction, [Your Company Name] is looking for an experienced chief security officer. The CISO supervises assigned personnel, including making and monitoring work assignments, evaluating performance, providing training, corrective instruction and assistance, and conducting security meetings as needed. As an ideal candidate, you have proven experience developing and implementing strategic security programs and managing the security of personnel and both physical and digital assets. As a leader and trusted advisor, the CISO will work to advance the organization’s mission, vision and core values.

Typical duties and responsibilities

• Implements and oversees strategies to assess and mitigate risk
• Safeguards the corporation and its assets
• Crisis management
• Develops, implements, and maintains security processes and policies
• Fosters a culture of physical and digital security awareness by conducting training sessions and communicating with personnel
• Identifies and reduces risks
• Limits liability and exposure to informational, physical, and financial risks
• Ensures the organization is compliant with local, national, and global health, privacy, and safety regulations
• Researches and executes security management solutions to help keep the organization safe
• Works with management to develop and implement appropriate budgets for security programs

Education and experience

• A bachelor’s degree in safety management, information technology systems, or a similar field
• 3+ years of experience working as a security manager

Required skills and qualifications

• Exceptional knowledge of state and federal information security laws
• Proficiency in developing physical and digital security protocols and procedures
• Strong verbal and written communication skills
• Solid interpersonal skills
• Excellent managerial and leadership skills
• Strong knowledge of information management systems and cybersecurity
• Ability to research and stay up to date with security trends and changing government and state laws

Preferred qualifications

• Industry-related security certifications 
• Master’s degree in cybersecurity
• A diverse IT background

ABC Company is seeking a Chief Information Security Officer (CISO) to lead our global cyber and data security programs to secure and enable our ability to deliver the premier self-service event platform. ABC Security is responsible for all aspects of information security across the enterprise, including Web and Mobile application security, Cloud, Infrastructure and device security, Security Awareness Training, Policy, and Compliance.

We’re seeking a proven leader with the ability to define and execute the cybersecurity strategy, adding rigor to our operations, while building a highly skilled and diverse team. This position will partner across functions to drive major security initiatives and will be responsible for effectively communicating goals, risks, and tradeoffs to executive leadership and the board of directors.

You will

• Define and own a multi-year cybersecurity roadmap and key performance indicators focused on reducing cyber risk
• Build and inspire a highly skilled and diverse Security team. Foster a culture of trusted cross functional partnership, service, and continuous improvement
• Create quarterly, annual and long-term cyber security and cyber risk management goals, articulate strategies, define metrics, and provide necessary updates to executive leadership and the Board of Directors
• Partner with Product & Engineering leadership for the development, planning, and execution of major security initiatives. Support Eventbrite’s secure Software Development Lifecycle
• Collaborate with peer members of the Cyber Security Governance Committee (CSG), Audit Committee to establish appropriate security standards and provide an effective governance structure to ensure cyber compliance and accountability
• Lead Security Incident Response, Third Party Information Security Assessment, Data Protection and Encryption, Identity & Access Management and Privileged User Access to protect customer and employee data
• Define cyber security governance and control strategies for emerging technologies such as cloud & containerization, block-chain and distributed computing
• Keep well informed of developing security threats, and proactively create strategies to understand and mitigate potential security problems that might arise from acquisitions or other big business moves

You have

• A Degree in Information Technology or Engineering (Advanced Degree Preferred)
• Key Industry certifications in Information Security, such as CISSP, CISM and CISA
• 15+ years of experience in Information/Cybersecurity in a public or large private technology company with a global customer base
• 7+ years people management experience across a global organization, with hands-on experience building diverse teams while promoting an inclusive organization
• A demonstrated knowledge of information security standards (e.g., NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA) and other various security standards and policies
• A strong understanding of Cloud Security Mode and key principles, such as CSPs Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation
• Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex topics for understanding and critical decision making by Executive Management and the Board
• Ability to understand not only emerging industry trends as far as cyber security is concerned but also the landscape of emerging threats, making appropriate adjustments within the cybersecurity program

The Chief Information Security Officer will be directly responsible for all global aspects of security technology, strategy, and operations within ABC Company. As an innovative and resourceful partner entrusted to protect the ABC Company environments, systems, data, customers, and users, it is critical for ABC Company to build and maintain appropriate security safeguards that are designed to protect the confidentiality and integrity of our products and systems for our customers and internal users. You will scale the security organization and drive the program to its next level of maturity as we all work to make ABC Company grow and improve. You will report to and partner closely with the Chief Risk Officer to work with leaders across the organization to develop and implement a robust framework and appropriate technology and tools. Also, you’ll interact with broader executive leadership to communicate on our evolving needs, matching the size and complexity of our organization with security strategy and operations right-sized for our stage of growth and the information we safeguard.

Responsibilities:

• Attract, hire, and retain a high-performing team of world-class security talent who will continue to evolve to address the information security needs of the company
• Develop, implement, and monitor a strategic, comprehensive enterprise-wide information security and risk management program
• Provide strategic and tactical vision around adversary and threat detection, incident response, and asset fortification
• Partner and align with Product and Engineering teams to reinforce product security to drive and automate secure development practices while maintaining business needs
• Advise the CRO, executive leadership, and technical leads on security issues and threats
• Identify, track, and communicate detailed metrics indicating overall security risk factors
• Guide technical development of security tools and product features in order to reduce security risk across the company

Qualifications:

• 15+ years of broad technology experience in encompassing SaaS environments, application development, Information Security, incident response leadership, architecture, policy regulations, risk and compliance, and infrastructure services with a strong record of successfully managing information security
• 10+ years of experience in building, mentoring, and managing global security teams for a cloud based SaaS offering and providing structure for professional development of team members
• Experience with pre & post IPO readiness and the different stages that companies go through during that journey
• Demonstrated experience representing an organization’s information security program in presentations and discussions with customers, partners, and other external parties
• Experience implementing controls and mitigating risks related to GDPR, PCI, HIPAA and other information security and data privacy standards
• Experience implementing cloud security technologies, including encryption, network security, intrusion detection, cloud monitoring, and digital forensics
• Experience triaging and remediating organizational incidents with wide-ranging business or customer impact
• Well-versed in the rapidly evolving threat landscape with a strategic mindset to mitigate threats and an established personal network for standard methodologies and information sharing around emerging challenges in the security space
• Strong business sense with an ability to balance “business value” vs “security risk”
• Good communication skills with an ability to build strong narratives to highlight the importance of security to employees internally and customers/shareholders externally, including both technical and non-technical audiences

What we’re looking for:

ABC Company is a rapidly scaling business and we are looking for our first Chief Information Security Officer (CISO) to lead and scale our Security and IT teams. The CISO will work closely with the Senior Leadership Team to define our strategic goals for enterprise security, application security, and IT, a roadmap to achieve these goals, and work with their team and stakeholders to execute.

This is a remote-friendly position that can be located anywhere in North America.

What you will do:

• Set the vision, strategy, and roadmaps for our Security and IT programs
• Lead and scale diverse technical teams to execute on the roadmap
• Collaborate with senior Engineering, Product, Legal Compliance, and other functional leaders to get buy-in into the strategy and roadmap
• Develop an effective strategy to assess and mitigate risk, manage incidents, maintain continuity of operations, and safeguard the company
• Prepare and report on our information security posture and status to Senior Management and the Board
• Actively mentor current and future leaders and individual contributors in your group through effective 1:1s, thoughtful feedback, career growth planning, and performance reviews
• Own compensation, team design, hiring, and retention plan for your group in alignment with company-wide policies
• Drive and influence software and infrastructure security across the organization
  

What skills will help you be successful:

• Bachelor’s Degree in Business, Computer Science, or other related field or equivalent experience
• 10+ years of experience in a combination of risk management, information security, and application security engineering roles
• 5+ years in a senior leadership role in security
• Demonstrated experience with Application Security, DevOps, or Cloud Security functions as a leader or in a people management role
• Experience with cloud computing technologies, especially AWS (Amazon Web Services), with security commitments to customers and partners
• Knowledge and understanding of relevant legal and regulatory requirements, such as HIPAA (Health Insurance Portability and Accountability Act), Sarbanes-Oxley Act (SOX) and Payment Card Industry/Data Security Standard Personally Identifiable Information (PII), Service Organization Control (SOC), and California Consumer Privacy Act (CCPA)
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences