Corporate Chief Information Security Officer (CISO) - United States
- Our company is a leading global provider of products, services and solutions for the diagnostics, food, environmental, industrial, life sciences research and laboratory services markets.
- For example,our company supports the potentially life-saving screening of nearly 40 million newborn babies each year and manages hundreds of thousands of scientific instruments within our lab services business One-source.
- Our strategy is to develop and deliver innovative products, services and solutions in high-growth markets that utilize our knowledge and expertise to address customers’ critical needs and drive scientific breakthroughs.
- To execute on our strategy and accelerate revenue growth, we focus on broadening our offerings through both the acquisition of innovative technology and investment in research and development.
- Our company is optimizing their enterprise IT operations while transforming their business model and needs an experienced, forward-thinking security leader to become their next Chief Information Security Officer (CISO).
- The new CISO will be responsible for designing, implementing, and maintaining an efficient Information Security Program to help drive the security transformation of the company. Security and data privacy is of paramount importance to current and future IoT (Internet of Things) and Big Data opportunities within food, pharmaceutical, diagnostics and other customer laboratories worldwide.
- The CISO will have responsibility for establishing and ensuring the security of our company products and services within these exciting and impactful industries.
- The CISO will also drive security through the enterprise IT program, including: security policy, security architecture, and security across technology, people, and process. The CISO is responsible for reporting the status of the program to the CIO, the executive committee, the CEO, and the Board.
- The CISO is responsible for establishing and maintaining the enterprise-wide, global security program for the purpose of protecting the organization, affiliate, and client information as well as business and technical intellectual property and assets.
Role and Responsibilities:
- Plan and implement a comprehensive Information Security Program for our company.
- Advise our company business executives on potential information security risks and recommend actions in line with overall company risk management and acceptance at appropriate levels.
- Plan, establish and maintain a Cyber Security organization to implement and maintain the InfoSec Program and operations in coordination with the overall IT team.
- Plan and update the security architecture for current and future technology needs, specifically including cloud services (IaaS, PaaS, and SaaS).
- Identify the security technologies needed to implement the security architecture efficiently.
- Develop and maintain comprehensive information security and privacy policies, procedures, and guidelines in compliance with appropriate regulations and practices, including the following: Sarbanes-Oxley (SOX), PCI DSS, FDA CFR Part 11, ISO 9001, NIST Cyber Framework, ISO 27001, and GDPR.
- Develop, maintain, and test infrastructure cybersecurity incident response plans.
- Develop and maintain a Risk Metrics program that demonstrates value and efficiency, through risk reduction, of the overall security program.
- Ensure that our company establishes, maintains, and matures the following IT processes:
Information Security Incident Prevention, Detection, and Response
Prevention, Detection, and Analysis of malicious activity
Identity and Access Management
- Ensure effective business continuity and response programs are in place and maintained (including digital forensics).
- Partner with the IT Operations team to manage the overall security of Enterprise IT systems.
- Partner with the Chief Risk Officer to manage on-going Company-wide security risk assessment and status reporting efforts.
Focus Area – Cloud Security:
It is critical that the applicant have an understanding of cloud-based security technologies and have the capacity to drive or advise a wide range of cloud security architectural, policy, and implementation efforts.
The CISO will establish security requirements for our company products and services, which includes:
- A product security capability that focuses on product security requirements and issues, and is aligned to our company’s product life cycles.
- Collaboration with our company leadership to create and implement product cybersecurity strategies.
- Product security policies that encompass the entire product/service life cycle, from design through production planning, validation, manufacture, distribution and service.
- Working with our company to collect and maintain information from cyber security vulnerability testing and analysis for both our company products and supplier products.
- Working with manufacturing teams to ensure effective cybersecurity throughout the manufacturing environment.
- Ensuring all products and services are appropriately reviewed from a cybersecurity perspective (scans, red team testing, risk reviews) before and during deployment.
- Ensuring product/service intelligence activities are in place, along with product incident response plans.
Knowledge, Skills, Abilities, and Other Characteristics
- Strong knowledge of information security principles and practices
- Clear ability to communicate persuasively with senior executives up to the board level
- Medical Device program management and product lifecycle management
- Business Case development
- Ability to prepare, justify and manage an information security budget
- Enterprise Risk Management
- Medical Device Program Management
- Business Case Analyses
- Security Policy Development
- Security Program Governance | Product Development and Lifecycle
- Product and Infrastructure Incident Response
- Process Improvement and Control
- Regulatory Compliance
- Software Security Concepts and Technology
- One or more internationally recognized certifications such as:
CISM: Certified Information Security Manager
CISSP: Certified Information System Security Professional
- A Bachelor’s degree in Information Security, Computer Science or Engineering
- 12-15 years of IT experience
- 5-8 years of experience leading at an executive level
- Previous experience in developing and administering an Information Security program across a diverse set of geographies, lines of business, threat environments and regulatory schemes
- Excellent project management, written and oral communications skills
- Master’s Degree preferred
- Previous experience as a Chief Information Security Officer in a Pharmaceutical, Lab, or related corporate environment
- An advanced degree (Master’s or Doctorate) in Information Security or a Master’s in Business Administration is preferred