Deputy CISO
Tampa, FL or Chicago, IL
CoinFlip
CoinFlip has the largest network of Bitcoin ATMs by volume in the US. Buy Bitcoin using cash, card, or bank transfer while enjoying market-leading low rates. CoinFlip placed No. 60 on the 2021 Inc. 5000 list of the nation’s fastest-growing private companies. CoinFlip was also named the 2021 and 2022 #1 fastest-growing company in Chicago by Crain’s Business.
As our growth trajectory continues, we’re looking to quickly expand all of our teams. It’s an exciting time to join CoinFlip as we’re pursuing additional business lines and continued international expansion to further cement us as a leading financial technology company.
The deputy chief information security officer (CISO) reports to the CISO and is responsible for day-to-day operations to support and augment the CISO's overall responsibilities. The Deputy CISO is an advanced technical role in supporting the entire cybersecurity program. This individual provides leadership, executive support, strategic and tactical guidance, and complete execution for a world-class cybersecurity program supporting global enterprise security initiatives. As directed by the CISO, the deputy CISO supports and reports on strategic planning and execution of enterprise security systems, applications, and operations. The deputy CISO will lead an adaptable and secure business-supporting cybersecurity team, in addition to collaborating with technical team members such as software developers, system administrators, and network engineers.
Responsibilities:
- Provide recommendations to the CISO on information security standards and best practices for IT projects.
- Assist the CISO to oversee and manage the effectiveness of the state’s security program.
- Coordinate with business partners to resolve complex or highly sensitive IT issues.
- Provide advice to operating units at all levels on information security issues, recommended practices, and vulnerabilities.
- Develop and deploy the security program for assigned areas to ensure policies, procedures, and objectives are closely aligned with those of the state.
- Assist in the development of metrics to measure the efficiency and effectiveness of the security program.
- Assist the CISO in strategy development and managing the information security program, focusing on security risk assessments; risk management (including risk prioritization and mitigation); education and awareness.
- Work with the CISO to ensure there is appropriate allocation of budgeted funds within assigned units so that the highest priority projects have sufficient monetary resources to be completed in a timely and efficient manner.
- Ensure policy and risk controls are in place, updated when necessary, and risks are communicated to the appropriate business owners.
- Direct the incident response planning and management of security incidents and events to protect State IT assets (e.g. information, critical infrastructure, intellectual property, and reputation) in addition to investigations of security breaches, and assist with disciplinary and legal matters associated with such breaches, as necessary.
- Provide oversight on vulnerability management, including, but not limited to, maintaining a centralized scanning environment, identifying scan targets (hardware and web applications), listing and scheduling scans, and working with target owners to remediate identified vulnerabilities.
- Lead the disaster recovery program, including, but not limited to auditing and testing recovery plans, promoting the importance of disaster recovery and continuity planning to agencies, and the performance of business impact analyses.
Qualifications:
- Bachelor’s degree in a relevant discipline.
- Master’s degree in Business Administration, Information Science, Information Assurance or Policy & Risk Analysis is a strong plus.
- CISSP certification required; additional CRISC, CISM, GSLC, CCISO certifications are favorable credentials as well.
- Minimum of 8 years’ experience leading global information security programs and applying information security, risk management and privacy practices.
- Minimum of 8 years’ practical experience designing and implementing enterprise information technology security; demonstrates industry-leading security innovation skills and an eye towards understanding the threat environment from a preventative posture.
- Proven experience interfacing with senior executives at the Board of Directors and business leader level and communicating complex cyber security concepts in business-relevant ways.
- Strong demonstrated knowledge of enterprise systems, cloud solutions and IT/security technologies.
- Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
- Business system continuity planning, auditing and risk management experience as it relates to information security.
- Extensive experience in strategic planning, budgeting and allocation.
- Excellent written and verbal communications skills with experience presenting to executives and leadership teams with the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Very strong business analysis skills, problem solving techniques, and follow-up.
- Experience working with global teams based in Canada, Australia and the United States.
- Minimum of 5 years of practical experience working with information privacy and security laws (such as PCI-DSS, GLBA, FIPS, and data breach reporting laws), generally accepted information security principles, and accepted industry practice.
- Experience working with GxP and HIPAA regulations.
- This role is required to be in-office five days per week.
Nice to Have:
- Basic knowledge of cryptocurrency and blockchains
- General passion and knowledge of fintech and crypto
CoinFlip values diversity in the workplace and is an equal opportunity employer committed to providing an inclusive and accessible work environment. We thank all candidates who apply, but only those selected for an interview will be contacted.
By applying to this role, you give express consent to CoinFlip to send you informational text (SMS) messages regarding this role and the application process. You can cancel the SMS service at any time by replying "STOP" to the text message you received. If at any time you forget what keywords are supported, just reply "HELP." Message and data rates apply. If you require a special accommodation, please let us know and we’ll work with you to meet your needs.
Tags: Audits CISM CISSP Cloud CRISC Crypto FinTech GSLC HIPAA Incident response Privacy Risk analysis Risk assessment Risk management Strategy Vulnerabilities Vulnerability management
Perks/benefits: Competitive pay Startup environment Team events