CISO - Chief Information Security Officer - 0169
IESE Business School
2 days ago

Job description

  • Mission and Proposal:
  • IESE is one of the world's leading international graduate business schools. Its IT Division is looking for a CISO - Chief Information Security Officer to facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board, providing regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.

  • Main Responsibilities:
  • Develops, socializes and coordinates approval and implementation of security policies
  • Works with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations
  • Directs the creation of a targeted information security awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences
  • Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management
  • Provides clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls
  • Embeds Cyber Judgement across a decentralized or distributed decision-making model
  • Leads the security champion program to mobilize employees in all locations (SDLC)
  • Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the organization
  • Assists with the identification of non-IT managed IT services in use ("citizen IT") and facilitates a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensures that risk is reduced to the appropriate levels and ownership of this information security risk is clear
  • Works effectively with business units to facilitate information security risk assessment and risk management processes, and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite