Chief Information Security Officer
SorocoExplore how Soroco leads the way in business process intelligence with advanced process discovery technologies and task mining solutions
Soroco is on a mission to change how the world gets work done. Powered by multiple patents, its flagship product, the Scout AI model, generates a work graph - a map of hidden pains teams experience at work and their impact on business outcomes. Today, this graph drives productivity improvements in 100s of organizations globally, including several Fortune 500 companies. Soroco has been featured in Harvard Business Review, Forbes, Fortune, and was listed on Bloomberg’s list of ideas that defined 2022. With operations spanning Boston, London, and Bangalore, Soroco was founded by alumni of Harvard, MIT, and Carnegie Mellon.
Scout, our multi-modal transformer model, uncovers hidden workplace pains and their impact on business outcomes. By autonomously generating solutions and empathizing with teams, Scout enables enterprises to foster happier, more productive teams today.
Visit www.soroco.com to learn how we help teams discover their work graph.
What we are looking for
The Chief Information Security Officer serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with Soroco's Information Security policies. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization.
This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected & support the business by articulating our security posture with the customers & prospects. You will also ensure that the IT security system adheres to regulatory requirements and analyze threats to the computer system in real-time.
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program; Work directly with the business units to facilitate risk assessment and risk management processes.
- Develop and enhance an information security management framework. Formulate Business Continuity Planning (BCP) and Disaster Recovery plans.
- Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems, and services. Act as the single point of contact (SPOC) for the business on all matters security.
- Provide leadership to the enterprise's information security organization; Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
- Develop a framework that manages our ML model integrity & security; Apply industry best practices & techniques to protect our company’s machine learning models. Institute secure coding best practices & audits for our ML Models within the MLOps lifecycle. Monitor & take remedial action in a timely manner, on our production models for Adversarial ML attacks.
- Ensuring that no internal breaches or misuse of data take place. Determining the cause of internal and external data breaches and instituting appropriate corrective action
- Ensure customer audits as well as re-certification and surveillance audits are successful; Collaborating with IT and other teams to obtain and maintain compliance with frameworks such as GDPR, SOC2, ISO27001, HIPAA, TiSAX etc.
- Ensure the information incidents are responded and resolved on time to adhere to compliance with legal and contractual requirements.
- Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms; Perform, review and analyse security vulnerability data to identify applicability and false-positives; Conduct penetration testing in line with Open Web Application Security Project (OWASP).
Key Requirements for this role
- A bachelor's or master's degree in computer science, information technology, or a related field
- Professional security management certification(s) like CISSP, CCSP, CISM, CCIE
- Minimum of 12 to 15 years of experience in a combination of risk management, information security and IT jobs
- A good understanding of scripting and source code programming languages, such as Python, C#, C++, .NET, and Java; Tools including Burp, Nexpose, NMap, Whois etc. is a plus; Familiarity with ML Attack tools like MS Azure Counterfit and/or IBM ART are a plus.
- Specific experience in Agile (scaled) software development or other best in class development practices; Experience with Cloud computing/Elastic computing across virtualized environments.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
- Ability to perform vulnerability assessments and penetration testing, utilizing tools - commercial and open source; OWASP top 10 Security Pen Testing methodologies including automated scans and manual methods; Should be able to understand security alerts and take necessary action accordingly; Deep understanding of threat intelligence methodologies, sources, and the ability to correlate threat intel feeds
- Excellent written and verbal communication skills and high level of personal integrity
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Experience with contract and vendor negotiations and management including managed services.
- Excellent understanding of current legislation and regulations relevant to our organization
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security Audits Azure C CCSP CISM CISSP Cloud Compliance Computer Science Exploit GDPR HIPAA ISO 27001 Java Machine Learning NIST Nmap Open Source OWASP Pentesting Python Risk assessment Risk management Scripting SOC 2 Surveillance Threat intelligence TISAX Vulnerabilities
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open SOC Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Chief Information Security Officer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Staff Security Engineer jobs
- Open Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Security Operations Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Security Architect jobs
- Open o365 Security Architect jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open CISA-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open DoD-related jobs