Web3 Deputy CISO

Job at CoinFlip


Full time

The deputy chief information security officer (CISO) reports to the CISO and is responsible for day-to-day operations to support and augment the CISO's overall responsibilities. The Deputy CISO is an advanced technical role in supporting the entire cybersecurity program. This individual provides leadership, executive support, strategic and tactical guidance, and complete execution for a world-class cybersecurity program supporting global enterprise security initiatives. As directed by the CISO, the deputy CISO supports and reports on strategic planning and execution of enterprise security systems, applications, and operations. The deputy CISO will lead an adaptable and secure business-supporting cybersecurity team, in addition to collaborating with technical team members such as software developers, system administrators, and network engineers. Responsibilities: Provide recommendations to the CISO on information security standards and best practices for IT projects. Assist the CISO to oversee and manage the effectiveness of the state’s security program. Coordinate with business partners to resolve complex or highly sensitive IT issues. Provide advice to operating units at all levels on information security issues, recommended practices, and vulnerabilities. Develop and deploy the security program for assigned areas to ensure policies, procedures, and objectives are closely aligned with those of the state. Assist in the development of metrics to measure the efficiency and effectiveness of the security program. Assist the CISO in strategy development and managing the information security program, focusing on security risk assessments; risk management (including risk prioritization and mitigation); education and awareness. Work with the CISO to ensure there is an appropriate allocation of budgeted funds within assigned units so that the highest priority projects have sufficient monetary resources to be completed in a timely and efficient manner. Ensure policy and risk controls are in place, updated when necessary, and risks are communicated to the appropriate business owners. Direct the incident response planning and management of security incidents and events to protect State IT assets (e.g. information, critical infrastructure, intellectual property, and reputation) in addition to investigations of security breaches, and assist with disciplinary and legal matters associated with such breaches, as necessary. Provide oversight on vulnerability management, including, but not limited to maintaining a centralized scanning environment, identifying scan targets (hardware and web applications), listing and schedule scans, and working with target owners to remediate identified vulnerabilities. Lead the disaster recovery program, including, but not limited to auditing and testing recovery plans, promoting the importance of disaster recovery and continuity planning to agencies, and the performance of business impact analyses. Qualifications: Bachelor’s degree in a relevant discipline. A Master’s degree in Business Administration, Information Science, Information Assurance or Policy & Risk Analysis is a strong plus. CISSP Certification is required; Additional CRISC, CISM, GSLC, and DEPUTY CISO certifications are favorable credentials as well. Minimum of 8 years experience leading global information security programs and applying information security, risk management, and privacy practices. Minimum of 8 years of practical experience designing and implementing enterprise information technology security; demonstrates industry-leading security innovation skills and an eye towards understanding the threat environment from a preventative posture. Proven experience interfacing with senior executives at the Board of Directors and business leader level and communicating complex cyber security concepts in business-relevant ways. Strong demonstrated knowledge of enterprise systems, cloud solutions and IT/security technologies. Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning. Business system continuity planning, auditing and risk management experience as it relates to information security. Extensive experience in strategic planning, budgeting and allocation. Excellent written and verbal communications skills with experience presenting to executives and leadership teams with the ability to communicate security and risk-related concepts to technical and non-technical audiences. Very strong business analysis skills, problem solving techniques, and follow-up. Experience working with global teams based in Canada, Australia and the United States. Minimum of 5 years of practical experience working with information privacy and security laws (such as PCI-DSS, GLBA, FIPS, and data breach reporting laws), generally accepted information security principles and accepted industry practice. Experience working with GxP and HIPAA regulations. This role is required to be in-office five days per week Nice to Have: Basic knowledge of cryptocurrency and blockchains General passion and knowledge of fintech and crypto Working at CoinFlip means collaborating with experienced and innovative leaders who share a clear vision and a track record of success. We offer a collaborative and positive working environment where we encourage employees to balance productivity with time to recharge. Compensation is above and beyond a typical “startup” — we offer competitive salaries, performance-based incentives, and competitive benefits for full-time employees. CoinFlip values diversity in the workplace and is an equal opportunity employer committed to providing an inclusive and accessible work environment. We thank all candidates who apply, but only those selected for an interview will be contacted. By applying to this role, you give express consent to CoinFlip to send you informational text (SMS) messages regarding this role and the application process. You can cancel the SMS service at any time by replying "STOP" to the text message you received. If at any time you forget what keywords are supported, just reply "HELP." Message and data rates apply. If you require special accommodation, please let us know and we’ll work with you to meet your needs.

Company: CoinFlip

Website: Company's website

Skills: securitycryptoblockchainoperations

Please support us by letting CoinFlip know that you found the job on Aworker. Thank you🙏


web3 jobs

Join 0+ people getting web3 jobs in their inbox