Chief Information Security Officer (Spring)
Compensation: $62,495.00 - $146,840.00 /year *
Employment Type: Full-Time
Industry: Law Enforcement
Hubbell Incorporated was founded in 1888 and has grown into an international manufacturer of quality electrical, lighting and power solutions with more than 75 brands used and recognized around the world. Our founder, Harvey Hubbell, developed tooling and equipment to serve the growing demand for new assembly and manufacturing machinery during the industrial revolution. An early one of his many patents was awarded for the first practical method of controlling electricity, the pull chain socket, which remains unchanged today. As a market leader in reliable electrical solutions, we provide more than half a million products delivered through our various business groups. Hubbell is committed to continually innovating solutions that work, transforming old products with new ideas, and ensuring that we Energize, Enlighten and Empower the communities that support us.
Secure access to information assets is critical to achieve business objectives. The CISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.
The CISO position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The CISO will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. He or she should understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology. The CISO will be responsible for implementing and running the enterprise information security program.
The CISO should understand and articulate the impact of cybersecurity on (digital) business and be able to communicate this to the board of directors and other senior stakeholders. He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The CISO understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization.
The CISO must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process and technology. While the CISO is the leader of the information security program, he or she must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives. Ultimately, the CISO is a business leader, and should have a track record of competency in the field of information security and/or risk management, with seven to 10 years of relevant experience, including five years in a significant leadership role.
Duties and Responsibilities
- Formation of an information security steering committee/advisory board.
- Work with VMO ensuring information security requirements are included in contracts.
- Create/manage/establish metrics for targeted information security awareness training programs for employees, contractors and approved system users.
- Provide clear risk mitigating directives for projects with components in IT.
- Manage budget for the information security function, monitoring and reporting discrepancies.
- Manage the cost-efficient information security organization, consisting of direct reports and dotted line reports including training, staff development, performance management and annual performance reviews.
- Develop, implement and monitor a comprehensive information security program, ensuring appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization.
- Assist with the identification of non-IT managed IT services in use ('citizen IT').
- Work with business units to facilitate information security risk assessment and risk management processes, empowering them to own/accept the level of risk deemed appropriate.
- Develop/enhance an up-to-date information security management framework based on the following: International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Create/manage a unified and flexible control framework.
- Develop/maintain a document framework of continuously up-to-date information security policies, standards and guidelines.
- Oversee the approval and publication of information security policies and practices.
- Create a framework for roles and responsibilities regarding information ownership, classification, accountability and protection of information assets.
- Facilitate a metrics and reporting framework that measures the efficiency and effectiveness of the program, supports appropriate resource allocation and increases the maturity of the information security program, and review it with stakeholders at the executive and board levels.
- Create internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams.
- Build/nurture external networks to address common trends, findings, incidents and cybersecurity risks.
- Liaise with external agencies, such as law enforcement and other advisory bodies, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats.
- Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures.
- Ensure that data privacy requirements are included where applicable.
- Define/facilitate the processes for information security risk and for legal and regulatory assessments, including reporting and oversight of treatment efforts to address negative findings.
- Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
- Oversee technology dependencies outside of direct organizational control.
- Manage/contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
- Monitor the external threat environment.
- Develop/oversee effective disaster recovery policies and standards.
- Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
Skills and Experience
- Implementing best practices through all aspects of software and product development and deployment of these products.
- Expert knowledge of cyber-security design and implementation with C# or another .NET language.
- Expertise in applying secure development lifecycle (SDL) best practices to software solutions.
- Minimum of 10 to 15 years of experience in a combination of risk management, information security and IT or OT jobs (at least five must be in a senior leadership role).
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
- Proven track record and experience in developing/executing information security policies and procedures.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only 'dotted line' reporting lines exist.
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital.
- Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
- Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
- Experience with contract and vendor negotiations.
- High degree of initiative, personal integrity, dependability and ability to work with little supervision while being resilient to change.
Hubbell Incorporated, its subsidiaries and affiliates, is an EO Employer AA: M/F/Veteran/Disability. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity or any other protected class.
Nearest Major Market: Greenville
Nearest Secondary Market: South Carolina
Job Segment: Information Security, Information Systems, Embedded, Cloud, IT Architecture, Technology
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.