Chief Information Security Officer (CISO)

US-NH-Merrimack
4 weeks ago
Job ID
2017-5769
# Positions
1
Priority
High
SECURITY CLEARANCE
Secret

Overview

Scope: The Chief Information Security Officer (CISO) represents the senior-level position for a career in Information Assurance and Security at the ESA, LLC Fort Worth Operations Site.  The position is under the direct supervision of the Chief Information Officer (CIO).

The Chief Information Security Officer is a critical member of the CIO’s Information Technology team.  The CISO is responsible for establishing and maintaining Elbit Systems of America’s information security management program.  The CISO ensures information assets are adequately protected and is responsible for identifying, evaluating and reporting on information security risks to meet industry and regulatory compliance requirements.  Specifically, the Chief Information Security Officer develops, documents, implements and continuously improves the information security program and is the process owner of all information assurance activities, providing confidentiality, integrity and availability for all systems, networks and data that support the operations of the organization.

Responsibilities

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization
  • Manage the enterprise’s information security organization, consisting of direct reports and indirect reports (such as individuals in IT operations). This includes hiring, training, staff development, performance management and annual performance reviews.
  • Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
  • Serve as primary liaison with foreign parent ownership and affiliate organizations, within the scope of the Special Security Agreement (SSA) and Affiliate Operations Plan (AOP), to manage global threats to organization and customer information
  • Develop, maintain and publish up-to-date, risk-based, cost-effective information security policies, standards and guidelines
  • Oversee the approval, training and dissemination of security policies and procedures.
  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and remediation of risks introduced by partners, consultants and other service providers
  • Develop and enhance an information security management framework based on National Institute of Standards and Technology (NIST) and National Industrial Security Program (NISP) requirements.
  • Create and manage an information security and risk management awareness training program for all employees, contractors and consultants
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Work directly with business unit leaders to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk
  • Define metrics and reporting strategies that effectively communicate successes and progress of the information security program

Authorities:

  • Owner of enterprise information security and IT risk management program
  • Chairperson for information security committee and/or advisory board
  • Control and responsibility over information security organization’s budget
  • Responsibility for InfoSec staff, including hiring, training, employee development, performance management and annual performance reviews

Outside Business Relationships:

  • Manage Service Level Agreements (SLAs) with security vendors
  • Maintain relationships with U.S. Government regulatory agencies as needed
  • Maintain foreign parent ownership and affiliate organization relationships with regards to information security best practices and procedures

Qualifications

Minimum Qualifications:

Education (Highest Level Required/Preferred):

Bachelor’s degree required.

Specific Degree Field, only if required: BS in Computer Science or Information Security

Training Pre-requisites (Within One Year of Taking Position):

[x] ESD

[x] Safety Training, as dictated by Safety Department

[ ] Other:

Certifications/Licenses:

Required:        None

Preferred:       CISSP, CISM, PMP

Experience Required:

Functional (Using Skill Set): 5-10 years

Management: 5-10 years

Industry: 5-10 years

Knowledge, Skills, Abilities Required (Unique and Measurable):

  • Senior leadership role experience with a proven track record in developing information security policies and procedures, and successfully executing programs in a dynamic environment
  • Thorough understanding of the system security design process, defense-in-depth methodologies, system integration, intrusion prevention/detection and certification & accreditation process
  • In-depth knowledge of NIST, NISP and SOX security requirements
  • Must be an intelligent, articulate, consensus-building and persuasive leader who can serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical team members at all levels of the organization
  • Strong strategic thinker who can translate vision into tactical execution, with strong decision-making skills and the ability to effectively prioritize work in a highly dynamic environment
