Chief Information Security Officer (CISO)

Total-TECH Co

The Job Description

• Develop and execute the organization s information security strategy aligned with business goals.
• Design, implement, and maintain enterprise-wide security programs, policies, and standards (NIST, CIS, ISO, COBIT frameworks).
• Lead incident response, threat intelligence, and business continuity planning efforts.
• Manage regulatory compliance, including GDPR, HIPAA, PCI-DSS, CCPA, and local data protection laws.
• Oversee third-party/vendor security assessments, cloud security, and identity & access management.
• Conduct risk assessments and provide actionable recommendations for security investments.
• Build and lead a high-performing security team, ensuring training, awareness, and skills development.
• Collaborate with executive leadership to translate technical risks into business impact for boards and stakeholders.
• Establish security governance, SOPs, and DOA frameworks, ensuring organizational adherence to best practices.
• Manage security budgets, procurement, and vendor evaluation.
• Stay abreast of the latest cybersecurity threats, technologies, and best practices to maintain organizational resilience.

Requirements:

• Education: Bachelor s degree in Computer Science, Information Systems, Cybersecurity, Computer Engineering, Network Engineering, or related discipline.
  Master s degree preferred (Cybersecurity, IT Management, or MBA with technology focus).
• Certifications (required/preferred): CISSP (Certified Information Systems Security Professional) (ISC)
  CISM (Certified Information Security Manager) ISACA.
• CRISC (Certified in Risk and Information Systems Control).
• ISO/IEC 27001 Lead Implementer or Auditor.
• CGEIT (Certified in the Governance of Enterprise IT).
• Optional: CEH, GSEC, OSCP for technical credibility.
• Experience: 10 15 years in IT or cybersecurity roles, with 5 7+ years in leadership positions.
  Proven track record in enterprise security program design, implementation, and governance.
• Experience managing cross-functional teams and multiple cybersecurity domains.
• Skills & Competencies: Strategic mindset with ability to align cybersecurity with business objectives.
  Strong executive communication skills for board and C-suite engagement.
• Risk-based decision-making and prioritization in complex environments.
• Crisis leadership and ability to manage security incidents under pressure.
• Budget management and vendor evaluation expertise.
• Awareness of SIEM/SOAR platforms (e.g., Splunk, Microsoft Sentinel) and endpoint security.
• Strong understanding of cloud security, identity/access management, and regulatory requirements.

Core Competencies

• Strategic Planning & Security Governance.
• Risk Management & Incident Response.
• Regulatory Compliance & Audit Readiness.
• Team Leadership & Talent Development.
• Communication & Stakeholder Management.
• Cybersecurity Program Development.
• Technology Evaluation & Implementation. br