Virtual Chief Information Security Officer (vCISO)
Job Overview
- Company Name Messagepoint
- Job Start Date Sun, 01 May 2022 02:15:19 GMT
- Job Type Part Time
- Job Source Careerjet
Job title: Virtual Chief Information Security Officer (vCISO)
Job description: Virtual Chief Information Security Officer (vCISO)
About Us:
Messagepoint is a PE-funded SaaS company headquartered in Toronto, Ontario with customers in the USA, Canada and the UK. We enable large enterprises to deliver enhanced customer experiences and achieve a better bottom line by optimizing their omni-channel customer communications.
Why we need you:
Messagepoint is a pioneer in SaaS services for content management in highly regulated industries. Our scope has evolved over time to include processing of PII in our hosted environment. Our customers are leaders in financial services, healthcare, insurance, and more recently the public sector. We have managed information security internally across departments, and through the advice of consultants, and we now want a single responsible party to orchestrate our internal Information Security activities, infusing information security into DevOps at the early stages of product development, reinforcing our boundaries, and helping us achieve new levels of credentials critical to our markets. We need you to lead Messagepoint’s Information Security practice across our various departments and stakeholders. We need you to be the voice of Messagepoint with respect to Information Security and help us respond to the market with sound approaches to secure new business.
Position Summary:
Reporting to the Chief Financial Officer, the Virtual Chief Information Security Officer plays an integral part in defining the fundamental principles for the protection of Messagepoint’s information resources and the proper controls needed to ensure compliance with internal and external regulations, while supporting the business needs and upholding Messagepoint’s reputation.
The vCISO will be accountable for overseeing all Information Security policies in place and for determining the security controls appropriate to the level of risk associated with the IT systems that support Messagepoint employees, customers and partners. This role will provide strategic leadership and deliver an Information Security program to manage and improve information security while mitigating risk.
This role serves as an expert advisor to senior management in the development, implementation and maintenance of information systems to ensure best practice control objectives are achieved in protecting information assets.
This role guides the senior leadership team by making pragmatic recommendations for priority investments and projects that will mitigate overall risks by strengthening defenses and reducing vulnerabilities for Messagepoint’s information assets.
Responsibilities:
- Develop, manage and improve a comprehensive information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
- Develop an IT security architecture roadmap that will identify security controls and identify and assess technologies that will enforce the organization’s security priorities.
- Develop, maintain, and promote information security policies, standards and guidelines. Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings with collaboration of other senior IT and Risk Management leadership team members.
- Create, communicate and implement a process to manage vendor risk, including assessment and remediation efforts to address such risks that may result from partners, consultants and other service providers.
- Provide strategic risk guidance and consultation for corporate IT projects, including the evaluation and recommendation of technical standards and controls.
- Establish and implement an incident management process to effectively identify, respond to, contain and communicate a suspected or confirmed incident, in collaboration with other senior IT and Risk Management leadership team members.
- Identify, assess, and prioritize IT risks to corporate data and systems, including external threats, cyber-crimes, internal threats and third-party risks. Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
- Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
- Effectively manage an information security budget and monitor for variances.
- Provide regular reporting on the current status of the information security program to the senior leadership team and the board of directors as part of a strategic enterprise risk management program.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, support appropriate resource allocation, and increase the maturity of the security program.
Qualifications:
- Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or related field required. Master’s degree preferred.
- Minimum of 8 years of experience in a combination of risk management, information security and information technology fields. At least 4 years of experience in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Understanding of the differences in Information Security models, norms and expectations between Healthcare and Financial Services, and the implications for secure processing of PHI and PII.
- Knowledge of relevant audit requirements, and certifications applicable to moderate-impact control baselines, as defined by NIST for cloud hosted systems that may be used by the U.S. Federal Government.
- Experience with SOC 2 compliance and ISO 27001 certification audits.
- Holds an accredited security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Knowledge of Information Security expectations and common practices designed to ensure the integrity of a service “boundary”, such as penetration testing and vulnerability scanning.
- Knowledge of security questionnaires (self-assessments) and their use, especially CAIQ, SIG, ISO 27001 and HIPAA.
- Exhibit excellent analytical skills, the ability to manage multiple, inter-disciplinary projects as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling and resource management.
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and ability to work with little supervision.
Messagepoint is an Equal Opportunity Employer and encourages diversity and inclusion in the workplace.
We thank you for your interest, however, only those who qualify for an interview will be contacted.