Remote Chief Information Security Officer
at SingleStore

Summary

Join SingleStore as a dynamic Chief Information Security Officer (CISO) to lead our information security efforts. As the CISO, you will be responsible for owning all aspects of information security to safeguard our systems, data, and assets.

Responsibilities

• Develops, implements, and monitors a strategic, comprehensive information security and risk management program
• Plans, directs, and coordinates information security policies, procedures, standards, guidelines, and controls
• Ensures the 24/7 monitoring of access to all systems and maintenance of access control profiles on computer networks and systems
• Oversees identity and access management; ensures documentation of access authorizations is maintained for all applicable resources
• Oversees data lifecycle management; ensures prevention of data loss is maintained for all critical/sensitive assets
• Ensures the installation, modification, enhancement, and maintenance of system security software
• Reviews investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
• Maintains a current understanding of the threat landscape for the industry; liaises with external agencies as necessary to ensure the organization maintains a strong security posture against relevant threats and advancing threat landscape
• Ensures compliance with changing laws and applicable regulations
• Directs member and employee data security awareness and education; ensures cyber security policies and procedures are communicated to all employees
• Oversees and coordinates all regulatory examinations and audits
• Remediates all findings or coordinates organizational risk acceptance
• Regularly interfaces with regulatory/audit personnel to ensure delivering of all required documentation/artifacts
• Reviews/prepares security program status, industry trends, and risk report presentations
• Conducts on-demand voting committee member meetings as needed to review residual risk acceptance
• Develops annual objectives and budgets; builds, leads and inspire a highly skilled and diverse department to accomplish approved objectives within the approved budgets
• Partner and align with Product, Engineering, SRE, Networking, Infrastructure & Operations, and other key departments to reinforce product security to drive and automate secure development practices, while maintaining business needs and mutually agreeable timelines
• Performs Business Resumption planning for assigned departments and validates the adequacy of the plans
• Evaluates, selects, and approves vendors to maintain the quality of member services; manages vendor relationships to ensure achievement of department goals and maximum benefit for the credit union and its members
• Establish and enforce security policies, standards, and procedures to ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001)
• Lead efforts to achieve and maintain relevant certifications and attestations
• Conduct regular risk assessments and audits to identify vulnerabilities and prioritize remediation efforts