A leading IT company in Boca Raton, FL is seeking a Chief Information Security Officer (CISO) to manage a small team of Security Analysts, maintain a consolidated privacy and security program, and conduct audits to achieve validation of compliance with PCI, DSS, HIPAA, and other privacy laws and compliance mandates for the company technology and security program.
We are looking for a CISO with a strong background in Information Security, Privacy, and Compliance. The ideal candidate will have strong knowledge and significant experience in RIsk Management, Compliance Management, Data Protection, and Privacy, Governance, Vendor/Customer Contract Management, and strong communication skills.
This position is highly technical and involves working with the various technical groups and critical infrastructure to build effective analysis capabilities to better protect the organization from cyber-attacks and threats.
This position reports directly to the CTO.
- Develop and maintain a consolidated privacy and security program that integrates requirements across various compliance mandates, including PCI DSS, HIPAA, HITRUST and various privacy laws, including GDPR and CCPA.
- Actively manage the implementation of and validate adherence to security practices across the organization to comply with the various privacy law and compliance mandates.
- Support and lead a team of security practitioners in various practices such as incident management, application security, vulnerability management, and auditing.
- Resolve allegations of non-compliance with the corporate policies or notice of information practices.
- Govern security-specific metrics that demonstrate the performance of the security program including reduction in program cost, reduction in security incidents, and positive independent security assessment outcomes.
- Report on a periodic basis to the CTO or committee regarding the status of the security and privacy program.
- Mature the Privacy and Security program to better support the organization’s core business strategy as an enabler for driving business development initiatives.
- Provide strategic guidance to corporate officers regarding risk to information resources and technology.
- Provide leadership in the planning, design, and evaluation of privacy and security related projects.
- Conduct audits of business partners to achieve independent validation of compliance with PCI, DSS, HIPAA, and other privacy laws and compliance mandates for the company’s technology and security program.
- Maintain and mature a corporate-wide privacy and security training program.
- Oversee appropriate sanctions for failure to comply with the corporate privacy policies and procedures.
- Actively monitor the regulatory and legislative landscape for changes in requirements to protect the security and privacy of regulated data.
- Eight (8) years of progressive experience in Information Security, or related field
- Three (3) years of experience in a supervisory or senior level (plan, organize, and direct the work of technical staff)
- Four (4) years’ experience in technical program management
- Active proficiency in the following areas:
- Networking and communications protocols (TCP, HTTP, FTP, DNS, et.)
- Security architecture: firewalls, trust-boundaries, encryption, segmentation strategies, Cloud services, etc.
- Internet security, including transport security and web application security
- Incident response and management (SIEM, IDS, forensic techniques, etc.)
- Security auditing (vulnerability and penetration testing)
- Identity and access management
- Business resilience planning
- Data privacy, including GDPR, CCPA, etc.
- Compliance management, including service provider management, PCI DSS and HIPAA compliance auditing
A comparable combination of education, training, and experience which provides the requisite knowledge, skills, and abilities for this position may be substituted for the minimum qualifications.
Sherlock loves to share a $500 referral bonus!
“U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.”
***No 3rd party vendors Please***