- Hire, train, and supervise a small, efficient, and effective information security team.
- Work closely with senior technology stakeholders to ensure appropriate security guidance to support product and service delivery.
- Develop, implement, and monitor a strategic and comprehensive information security and IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by Facilisgroup.
- Develop, maintain, and publish information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate, and implement a risk-based process for vendor risk management, including assessing and treating risks that may result from partners, consultants, and other service providers.
- Develop and manage an information security budget.
- Create and manage information security, cyber security, and risk management awareness training for all employees and contractors.
- Work directly with various business units to facilitate IT risk assessment and risk management processes and work with stakeholders throughout the enterprise on identifying acceptable levels of risk.
- Provide regular reporting on the current status of the information security program to senior business leaders and the board of directors (as required).
- Create and manage a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection.
- Provide strategic risk guidance for SaaS product development, including the evaluation and recommendation of technical controls.
- Ensure that all security programs comply with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on appropriate courses of action.
- The ability to influence at senior levels on matters relating to security and information risk.
- Good verbal and written communication skills, with the ability to communicate effectively at all levels.
- Ability to manage time and priorities appropriately.
- Positive attitude towards learning and development demonstrated by a record of continuing professional development.
- Experience working with SaaS or Software Development organizations.
- CEH Certification.
- Good working knowledge of ISO 27001.
- Good working knowledge of SOC 2 and its audit process.
- A bachelor's degree in a computer or technology-related field.
Education & Experience:
- CISSP Certification.
- A minimum of 7 years of IT experience.
- At least five years in an information security role.
- At least two years in a supervisory/management role.