Chief Information Security Officer
As the most senior security role for the company, this position will drive focus on key security issues globally and will facilitate the promotion of information and physical security across the Endurance International Group business worldwide. The Chief Information Security Officer will also lead and define the company's information security strategy and associated compliance programs, provide leadership and set the tone from the top, set clear accountabilities for security, and develop a strong culture of handling and managing corporate assets sensitively and effectively.
- Reports directly to the Chief Information Officer.
- Defines and drives the global information security strategies for Endurance International Group.
- Manages a global team comprised of internal and external security experts.
- Serves as the central point of contact for senior management requests and reporting for security-related issues on a global basis.
- Provides best practices and global standards for product and service implementations to the product and leadership teams.
- Identifies issues and concerns of a security nature raised by company initiatives and advises on solutions to help resolve them. Fosters and maintains an appropriate working relationship with the firm's primary regulators and stakeholders.
- Administers and participates in the execution of escalation procedures for security breaches including determination of notifications to regulators and clients.
- Works closely with the Legal/Compliance Team to ensure appropriate understanding of regulatory requirements, appropriate risk assessment processes, and appropriate risk mitigation strategies.
- Partners with other areas of the business, including Corporate Communications, Legal, Public Relations, Investor Relations, Engineering, Operations, etc., to incorporate comprehensive response programs for security-based incidents.
- Develops and monitors the business plan and budgets for the unit in line with corporate goals.
- Oversees business and functional unit operations to ensure compliance with internal and external regulations and that escalation procedures are followed.
- Ensures that all procedures, systems and controls are regularly reviewed and in line with the risk profile of the unit.
- Maintains ongoing and current knowledge of evolving security legislation and laws and revises EIG's security program to ensure it remains effective in meeting the expectations of laws, regulations, and/or company policy.
- Provides strategic oversight to business line development through identification of key issues and trends.
- Reports regularly to corporate and regional committees with appropriate, timely and relevant information so that the committees can discharge their responsibilities effectively.
- 5+ years functioning as an information security executive (CISO, VP/Director of Information Security) in a multinational public company
- 10+ years as an information security practitioner in at least two of the core information security disciplines (GRC, Incident Response, Security Architecture, or Application Security)
- Deep knowledge of technical operations/IT including best practices [ITIL], tooling, and production incident response [recovery management] and has comprehensive knowledge of at least 1 of the practices
- Deep knowledge of all facets of risk management and comprehensive knowledge of security risk management practices
- The ability to communicate the organization's risk posture to the senior executives/board and recommend risk treatment options
- Working knowledge of insurance and how it can be used in risk treatment
- Extensive experience providing cross-functional leadership, demonstrating ability to deliver on a range of security projects/issues with global impact.
- A highly motivated leader with a proven track record of strong communication, influencing skills and the ability to liaise with the most senior/executive levels of the organization.
- Excellent understanding and working knowledge of current security legislation, practices & techniques.
- Security-related certification: CISSP, CISM, or equivalent
- Extensive experience in PCI regulations and compliance