Dewislen

Chief Information Security Officer (CISO)

Manylion swydd
Dyddiad hysbysebu: 28 Ebrill 2025
Oriau: Llawn Amser
Dyddiad cau: 28 Mai 2025
Lleoliad: Leicester, Leicestershire
Gweithio o bell: Yn gyfan gwbl o bell
Cwmni: Virgule International Limited
Math o swydd: Cytundeb
Cyfeirnod swydd: Vrg_2425_063

Gwneud cais am y swydd hon

Crynodeb

Reference: Vrg_2425_063

Job title: Chief Information Security Officer (CISO)

We are looking for a skilled Chief Information Security Officer (CISO) for a future role to join our cybersecurity team. This role involves overseeing the development, implementation, and management of a comprehensive information security program, while collaborating with internal stakeholders and external partners to mitigate risk and ensure compliance with industry regulations.

Key Responsibilities:

Lead the development and execution of the organization’s cybersecurity strategy, ensuring alignment with business objectives, regulatory requirements, and industry best practices.

Oversee the implementation of governance frameworks, including NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CIS Controls, and SOC 2, ensuring compliance across the organization.

Manage enterprise-wide risk management programs using tools such as RSA Archer, OneTrust, MetricStream, and LogicManager to assess, track, and mitigate security risks.

Oversee the implementation and management of SIEM solutions (Splunk, IBM QRadar, ArcSight, LogRhythm, SolarWinds Security Event Manager) to monitor, detect, and respond to security incidents.

Lead IAM initiatives, ensuring secure and compliant access management practices across the organization.

Develop and manage an effective incident response program using tools such as TheHive, IBM Resilient, Palo Alto Cortex XSOAR, and ServiceNow Security Incident Response.

Leverage threat intelligence platforms like ThreatConnect, MISP, Anomali ThreatStream, and Recorded Future to identify and mitigate emerging cyber threats.

Oversee endpoint security solutions (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender for Endpoint, FireEye Endpoint Security) and network security tools (Palo Alto Networks, Cisco ASA, Fortinet FortiGate, Snort, Zeek, Cisco Firepower) to ensure robust protection.

Supervise vulnerability scanning and penetration testing programs, utilizing tools like Metasploit, Burp Suite, Nessus, and Nmap to identify and address vulnerabilities.

Ensure compliance with regulatory frameworks and audit standards, including GDPR, ISO 27001, and SOC 2, while managing security audits with tools like AuditBoard, Netwrix Auditor, and Tripwire.

Utilize SOAR platforms such as Siemplify and Palo Alto Cortex XSOAR to automate security processes and incident management, improving response times and operational efficiency.

Lead and mentor a team of cybersecurity professionals, fostering a culture of continuous improvement and cybersecurity excellence within the organization.

Required Skills & Qualifications:

Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or equivalent certifications.

Familiarity with industry standards and frameworks such as NIST CSF, ISO/IEC 27001, CIS Controls, SOC 2, and GDPR.

Extensive experience with SIEM tools (Splunk, IBM QRadar, ArcSight, LogRhythm, SolarWinds Security Event Manager).

Expertise in identity and access management (IAM) solutions and threat intelligence platforms (ThreatConnect, MISP, Anomali ThreatStream, Recorded Future).

Proficiency in endpoint protection tools (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender for Endpoint, FireEye).

Strong knowledge of network security technologies (Palo Alto Networks, Cisco ASA, Fortinet FortiGate, Check Point Security Gateway, Juniper SRX, Snort, Suricata, Zeek).

Experience with vulnerability management and penetration testing tools such as Metasploit, Burp Suite, Nessus, and Nmap.

Familiarity with security orchestration, automation, and response (SOAR) platforms (Siemplify, IBM Resilient, Palo Alto Cortex XSOAR).

Knowledge of backup and disaster recovery systems and tools like Zerto, Veeam Backup & Replication.

Strong leadership and management skills, with the ability to influence and collaborate across all levels of the organization.

In-depth understanding of risk management, compliance, and cybersecurity frameworks.

Excellent problem-solving, decision-making, and communication skills.

Ability to develop and communicate security strategies and risk mitigation plans to executive leadership.

Gwneud cais am y swydd hon