The Chief Information Security Officer (CISO) is responsible for security strategy, development, implementation and oversight of AlphaPoint’s technology structure. This role is responsible for all security technologies and services including user profile management and system access controls. The CISO is responsible for information security policies, standards, evaluations, roles, and organizational awareness. The CISO will be responsible for establishing a security committee to ensure that policies and technology decisions meet the organization’s data security requirements as well as the Company’s growth plans.
The CISO will be a key contributor to crisis management resolution, data privacy efforts and regulatory compliance. He/She will also monitor/manage cyber threat analysis activities and perform security audits as need
- Work with the CIO and other department leads to discuss and implement information security/risk management projects
- Develop and implement Companywide policies outlining the standards for information security at AlphaPoint.
- Provide strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
- Lead and deliver in a timely manner all required audit activities. This includes the auditing of internal policies and processes to insure employees are in compliance with Company policies and procedures.
- Develop, implement and oversee AlphaPoint’s information security risk-based program to ensure the integrity, confidentiality and availability of information assets.
- Develop an IT security architecture roadmap that will outline security controls and assess current/new technologies that will form the basis of the organization’s security priorities.
- Develop, maintain, and promote information security policies, standards and guidelines.
- Ensure that controls comply with contractual obligations, corporate policies, and legal and regulatory requirements.
- Create and implement security and risk management training programs for all employees and contractors.
- Provide strategic risk guidance and consultation to corporate IT projects, including the evaluation and recommendation of technical standards and controls.
- Establish and implement a process for incident management to effectively identify, respond, contain and communicate a suspected or confirmed incident.
- Identify, assess, and prioritize IT risks to data and systems, including external threats, cyber-crimes, internal threats and third-party risks. Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
- Develop and be prepared to implement plans and procedures to recover business-critical services due to a security or other event.
- Train our team and our customers on best practices.
- Keep up with the industry security risks/hacks and inform the company about attacks and implement prevention techniques.
Required Skills & Experience
- Bachelor’s degree in Information Security or related field required.
- 7 plus years of experience in a risk management and/or information security position. This includes experience leading a team.
- Proven track record and experience in developing information security policies and procedures.
- Must be able to demonstrate the ability to execute program roll-outs over the course of your career.
- Knowledge and experience of relevant legal and regulatory requirements.
- Knowledge of common information security management frameworks.
- Experience in dealing with internal/external auditors and senior management.
- Strong process discipline with the ability to multi-task in a start-up environment.
- Experience managing to a budget and prioritizing tasks in line with your available spend.
- Demonstrated capabilities in innovation, influencing and building strong relationships with employees at all levels.
- Excellent written and verbal communication skills, in order to effectively communicate security and risk-related concepts
AlphaPoint is an equal opportunity employer committed to a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability or genetic information, gender identity or national origin.