Chief Information Security Officer (CISO)

Connected Group ME

Saudi Arabia

Ref: GP490-163

Job description / Role

Employment: Full Time

Position
Chief Information Security Officer (CISO)

Reports to
COO

Direct Reports:
• Cybersecurity (CS) strategy lead
• CS Operations lead
• CS Architecture lead
• CS Governance lead
• CS Chief of staff

Role Purpose:
• Responsibility for all cyber resilience related strategies, initiatives and decisions across a country-sized region.
• Plan, implement and direct the company / project-wide CISO function and control all activities related to: Cybersecurity (CS) strategy (including CS law and regulation), Operations (including the Cyber Defense Control Center) across IT and (I)OT, CS Architecture, CS Governance (including 3rd party Cyber-risk Management).

Background
This project’s vision as “The land of the future, where the greatest minds and best talents are empowered to embody pioneering ideas and exceed boundaries in a world inspired by imagination” will be implemented by using and further developing the latest digital trends and critical infrastructure designed for cyber resilience.

The Chief Information Security Officer (CISO) is the top leadership role reporting to the COO of the organization responsible for the definition, implementation and management of the cyber resilience strategy, legislative and regulatory framework, governance structures and cybersecurity processes working with company and project stakeholders in order to:

“Foster the vision of the land of the future by safeguarding the project’s citizens, businesses and government through global leadership in cyber resilience and innovation.”

The CISO will ensure:
• A robust and flexible legislative and regulatory framework designed to foster innovation
• Smart critical infrastructure designed for highest cyber resilience
• Effective, lean governance and leading role in global cooperation
• Analytics and automation driven cybersecurity operations preventing attacks
• Globally leading cybersecurity innovation hub and cyber security talent pool
• Working with the project sector Business Information Security Officers (BISOs), the CISO will establish sector-specific (e.g. Energy, Tourism) laws, regulations and cybersecurity processes, and govern their implementation and operation.

This project’s cyber resilience strategy will be built on the implementation of latest technologies (e.g. biometrics, digital identity, quantum cryptography) and building a leading cyber resilience ecosystem consisting of local cyber champions and a leading talent pool of cyber experts.

Through close cooperation with other countries and global initiatives the CISO will establish this organisation and project as a global thought leader concerning cyber resilience, particularly for smart cities.

KEY ACCOUNTABILITIES & ACTIVITIES
• Develop, implement and monitor the country cyber resilience strategy.
• Monitor market and regulatory trends and adjust the cyber resilience strategy to keep the project / company a global thought leader in cyber resilience.
• Become a trusted business adviser. Regularly brief the executive team on cyber threats and cyber-risk, including updates on strategy and budget.
• Build and manage the country CISO team, to be globally recognized as thought leaders and drivers of global cyber resilience of critical infrastructures.
• Review and approve cyber security policies, controls and cyber incident response planning.
• Ensure continued compliance with laws and applicable regulations.
• Work directly with project sectors to facilitate risk assessment and risk management processes.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
• Partner with sector stakeholders across the company / project to raise awareness of risk management concerns.
• Assist with the overall sector technology planning, providing current knowledge and a future vision of technology and systems and their respective cyber resilience implications.
• Direct and approve the cyber resilience aspects of all critical infrastructure designs.
• Ensure that cybersecurity disaster recovery and business continuity plans are in place and tested, working with the physical security team.
• Ensure all cybersecurity processes comply with data privacy regulation and establish the highest level of integration between the CISO and the data privacy function.
• Establish a country-wide cyber-risk approach as the basis for a cybersecurity budget process driven by cyber-risk buy-down.
• Schedule periodic (independent) security audits and establish proactive, continuous penetration/vulnerability testing.
• Establish a strong ecosystem of external partners providing state of the art cybersecurity services.
• Choose and implement state of the art cybersecurity products.
• Definition of a business case for and implementation of “Cybersecurity as a project business sector”.
• Define and implement the project’s “Cyber Security Defense Center (CSDC)” strategy covering all critical assets (IT, IoT and OT).
• Manage the country central CSDC and respective processes (e.g. cybersecurity incident process).
• Work with the Education department to define and implement education programs making the company/project a global leader concerning cyber awareness of citizens and cyber expert talent pool.
• Define and conduct cybersecurity awareness trainings and communication across the country.
• Communicate best practices and risks to all parts of the country.

Requirements

BACKGROUND, SKILLS & QUALIFICATIONS
Knowledge, Skills and Experience
• The ideal candidate is an integrator of people and processes, a thought leader, a problem solver and an effective consultant, and should possess solid domain competency across IT and (I)OT cyber resilience from management experience within complex (government) environments.
• 15+ years of proven leadership and management experience in a complex organizational environment reporting to executive management
• 15+ years of experience in IT and OT cyber resilience and risk management
• 15+ years of experience in managing (cybersecurity) operations organizations
• 15+ years of experience in working with regulators / government bodies
• Proven track record in managing critical crisis situations
• Market recognition as strategic thinker and visionary with proven capability to translate vision into successful execution
• Ability to quantify and manage cyber-risk and communicate it understandably to (business) executives
• Strong network within CISO community
• Proven track record of implementing C(I)SO organizations
• Deep knowledge of technology trends and cybersecurity market
• Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST, country cyber strategies and cybersecurity/data privacy regulation
• Experience with contract and vendor negotiation/management
• 3rd party Risk Management experience
• Deep understanding of latest technical/organizational trends (e.g. Cloud, Blockchain, OT convergence, Agile) and respective cyber resilience implications
• Proven experience in managing global organizations
• Excellent written and verbal communication skills, and high level of personal integrity

Qualifications
• Bachelor's degree in Computer Science / Engineering
• Cybersecurity certifications: Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM), issued by ISACA; Certified Information Systems Security Professional (CISSP), offered by (ISC)²

MAIN CONTACTS
Internal
• Executive leadership
• Sector BISOs and Management
• Data Privacy Officer
• Physical security team
• IT teams

External
• Local and global regulators
• Local and global government Agencies
• Cybersecurity forums
• 3rd party partners
• Global CISO community

About the Company

Established in 1997 in Hong Kong, ConnectedGroup is a regional executive recruitment and search consultancy with broad coverage across a full range of functional and industry specialisms, each serviced by dedicated teams. Our strategy is to continue to develop our offering as a ‘big boutique’ where we combine high levels of engagement and accountability with a comprehensive scope of delivery capability.

Our core services include Retained Executive Search, Exclusive Contingent Search and Contingent Recruitment services for mid to senior permanent positions, as well as Contract Staff and Interim Management services. We also engage with clients to deliver specialised and tailored projects such as volume recruitment and market mapping exercises.

Our mission is "to be remembered for exceeding expectations", which drives us to deliver outstanding levels of service and exceptional outcomes for clients and candidates, as well as meaningful careers for our team. We recruit and measure our employees against the values of being Candid, Creative and Connected, which drives our open and transparent culture whilst encouraging new ideas and focuses us on internal communications that leverage greater benefits for our clients. At ConnectedGroup words such as 'respect', 'integrity' and 'professionalism' are not aspirational; they are prerequisite behaviours and are expected in all aspects of our work.
