About the Role
Business Wire’s Chief Information Security Officer (CISO) is responsible for advancing and managing a comprehensive information security practice protecting customers, partners, and company digital assets.
At Business Wire, information security is a key consideration in our overall decision process from product ideation through business operations.
We are seeking an experienced, technical, and dynamic CISO to join our team. The ideal candidate will have a proven track record of building and leading a strong InfoSec team, defining and implementing information security strategies, enhancing cloud and data center security, and ensuring compliance with industry standards in a fast-paced environment. The candidate should also be familiar with data, code, and information security best practices, as well as auditing processes.
As the leader of the InfoSec organization, you will work collaboratively with all areas of the business including Engineering, Quality, Architecture, DevSecOps, IT Operations, Program Management, and Business Operations to ensure that we maintain a robust and highly effective information security program for our existing solutions while also supporting the buildout of new client solutions hosted in our data centers and the cloud. You will collaborate with all stakeholders and senior leaders across the company as well as a diverse team of participants throughout the development, deployment, and operational lifecycle.
You will lead a strong team of security architects and engineers, help define the strategic direction for our security practice to meet the stringent requirements of our industry and clients, and continue to enforce a security-first culture.
What You’ll Do
· Build and lead a world-class InfoSec organization:
o Mentor and lead a team of security professionals to protect our company’s systems and customer data.
o Enhance the overall security strategy and align it with the business objectives of the organization. Keep up with emerging threats and new technologies to enhance organizational cyber defense systems. Work with business and technology partners to facilitate risk management processes that mitigate potential threats to the organization’s infrastructure, applications, and data.
o Develop and conduct security awareness training for employees to promote a security-first culture throughout the organization. Ensure that employees are aware of their security responsibilities and trained to mitigate risks.
o Improve and implement a security governance framework including controls, standards, policies, and guidelines. Ensure the consistent application of governance across all technology projects, products, systems, and services.
o Manage the timely creation and dissemination of security-related communications including security awareness and training announcements, security compliance policies and processes, security alerts, and event messaging.
o Measure the effectiveness of security controls. Define and use metrics to track performance.
o Ensure that vendors and third-party providers adhere to the same high security standards as our organization.
o Balance security needs with user experience and usability.
· Enhance cloud and data center security:
o Enhance security strategy for our cloud and data center environments, data, code, and applications.
o Make continuous improvements to our security strategies to protect critical assets and data.
o Implement security controls and technologies, including AWS services such as IAM, VPC, WAF, and GuardDuty, to monitor and protect the organization’s assets.
o Plan for and respond to security incidents, and establish processes to minimize the impact.
· Ensure timely internal and external audits:
o Manage a comprehensive Governance, Risk, and Compliance program in support of corporate audits and periodic client assessments.
o Ensure that our company meets all internal and external audit requirements.
o Conduct periodic penetration testing and vulnerability assessments.