Vice President Chief Information Security Office

Job Description

Job Title : Vice President, Chief Information Security Officer (CISO)

Location : Marlborough Massachusetts

Reports To : Chief Technology Officer / President

Job Overview :

The Vice President, Chief Information Security Officer (CISO) is responsible for the development, implementation, and management of the company's information security strategy. This executive-level role oversees the protection of the organization's information assets, data, and IT infrastructure against cybersecurity threats, ensuring that systems and networks are secure, compliant, and resilient to attacks. The CISO collaborates closely with senior leadership and other departments to drive a comprehensive cybersecurity strategy that aligns with business goals and risk management frameworks.

Key Responsibilities :

• Cybersecurity Strategy and Governance :
• Lead the development and execution of the company’s cybersecurity strategy, ensuring alignment with the organization’s business objectives and risk management priorities.
• Oversee the implementation of information security policies, procedures, and controls.
• Develop a comprehensive risk management program to identify, evaluate, and mitigate security risks.
• Lead the governance of security practices, ensuring compliance with applicable laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
• Leadership and Team Management :
• Build, lead, and mentor the information security team, ensuring ongoing development and high performance.
• Collaborate with other C-suite executives and departments to integrate security considerations into business and IT processes.
• Provide clear and concise reporting to senior leadership and the Board of Directors on security posture, risks, and mitigation strategies.
• Incident Response and Crisis Management :
• Oversee the company’s incident response program, ensuring rapid identification, containment, and resolution of security incidents.
• Lead the development and execution of disaster recovery and business continuity plans to minimize impact from security breaches or IT disruptions.
• Conduct post-incident analyses to identify root causes and implement corrective actions to prevent future incidents.
• Risk and Compliance :
• Ensure that the organization’s cybersecurity practices are aligned with industry best practices and regulatory requirements.
• Work closely with the legal, compliance, and audit teams to address risk management, audit requirements, and regulatory changes affecting information security.
• Conduct regular risk assessments and vulnerability assessments across the organization’s IT infrastructure.
• Technology and Security Architecture :
• Oversee the design and implementation of secure IT systems and architectures, including network security, endpoint security, cloud security, and application security.
• Stay ahead of emerging security technologies and industry trends, evaluating and implementing new solutions that improve security posture.
• Ensure that all systems are protected by industry-standard encryption, firewalls, and access controls.
• Stakeholder Communication and Training :
• Communicate security risks, strategy, and policies to non-technical stakeholders, including board members, senior executives, and employees.
• Promote a company-wide security culture by implementing awareness programs, training sessions, and promoting best practices among employees.
• Serve as the primary spokesperson for the organization on all matters related to information security.
Qualifications :
• Education :
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master’s degree preferred).
• Certifications :
• Certified Information Systems Security Professional (CISSP) or equivalent advanced certifications in information security.
• Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or Certified Cloud Security Professional (CCSP) are a plus.
• Experience :
• 6+ years of progressive experience in information security, with at least 5 years in an executive or leadership role.
• Proven track record of managing cybersecurity teams and complex security infrastructures.
• Strong knowledge of security frameworks, such as NIST, ISO / IEC 27001, and COBIT.
• Experience in risk management, security architecture, incident response, and compliance with industry regulations.
• Skills :
• In-depth knowledge of current cybersecurity threats, vulnerabilities, and best practices.
• Strong leadership and interpersonal skills, with the ability to communicate complex security concepts to non-technical audiences.
• Ability to manage cross-functional teams and collaborate effectively with senior leadership.
• Expertise in risk assessment, vulnerability management, and security compliance.
• Familiarity with cloud security, encryption standards, and data protection practices.

Working Conditions :

Key Competencies :