CISO

As the Chief Information Security Officer (CISO) at Locus.sh, you will be responsible for developing and implementing an organization-wide information security strategy and framework. Your role will involve leading a team of security professionals and collaborating with other stakeholders to safeguard the organization's information assets from security threats and ensure compliance with relevant regulations and industry best practices.

Key Responsibilities: - Information Security Strategy: Develop and implement a comprehensive information security strategy that aligns with the organization's goals and objectives. Address current and emerging security threats, vulnerabilities, and risks. - Security Governance: Establish and maintain an effective security governance framework encompassing policies, procedures, standards, and guidelines. Ensure compliance with laws, regulations, and industry standards. - Risk Management: Identify, assess, and manage information security risks across the organization. Develop and implement risk mitigation plans. - Security Operations: Oversee day-to-day security operations, including security incident response, vulnerability management, threat intelligence, security monitoring, and access control. Ensure the presence of necessary security tools, technologies, and processes. - Security Awareness and Training: Create and deliver information security awareness and training programs for educating employees and contractors on their roles in safeguarding information assets. - Security Compliance: Monitor and enforce compliance with relevant security policies, standards, and regulations. Conduct periodic security audits and assessments to address compliance gaps. - Incident Response: Lead the response to security incidents by investigating and containing them, coordinating with internal teams and external stakeholders, and implementing remediation measures. - Vendor and Third-Party Risk Management: Establish and maintain a program for assessing and monitoring the security posture of external partners and suppliers. - Security Metrics and Reporting: Define and track key security metrics to evaluate the effectiveness of security controls. Present regular reports on the organization's security posture to executive management and the board. Qualifications and Requirements: - Bachelor's or Master's degree in Computer Science, Information Security, or a related field. - Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent.

Key Responsibilities: - Information Security Strategy: Develop and implement a comprehensive information security strategy that aligns with the organization's goals and objectives. Address current and emerging security threats, vulnerabilities, and risks. - Security Governance: Establish and maintain an effective security governance framework encompassing policies, procedures, standards, and guidelines. Ensure compliance with laws, regulations, and industry standards. - Risk Management: Identify, assess, and manage information security risks across the organization. Develop and implement risk mitigation plans. - Security Operations: Oversee day-to-day security operations, including security incident response, vulnerability management, threat intelligence, security monitoring, and access control. Ensure the presence of necessary security tools, technologies, and processes. - Security Awareness and Training: Create and deliver information security awareness and training programs for educating employees and contractors on their roles in safeguarding information assets. - Security Compliance: Monitor and enforce compliance with relevant security policies, standards, and regulations. Conduct periodic security audits and assessments to address compliance gaps. - Incident Response: Lead the response to security incidents by investigating and containing them, coordinating with internal teams and external stakeholders, and implementing remediation measures. - Vendor and Third-Party Risk Management: Establish and maintain a program for assessin