RegScale [www.regscale.com] overcomes limitations in legacy GRC by bridging security, risk, and compliance through our Continuous Controls Monitoring platform. Our CCM pipelines of automation, dashboards, and AI tools deliver lower program costs, strengthen security, and minimize painful handoffs between teams. Achieve rapid certification for faster market entry, anticipate threats via proactive risk management, and automate evidence collection, access reviews, and controls mapping. Improve the Return on Investment (ROI) of existing tools by seamlessly exchanging data with our centralized CCM data lake, enabling continuous monitoring of security, risk, and compliance controls. Our customers report a 90% faster path to compliance certifications and a remarkable 60% reduction in audit preparation efforts, strengthening security programs and reducing costs.

The Information System Security Officer (ISSO) is a critical member of the Chief Information Security Officer's (CISO) team, acting as an interface between the CISO's strategic and process-based activities and the work of the technology-focused analysts, engineers, and administrators within the IT organization. The ISSO translates the IT risk requirements and business constraints into technical control requirements and specifications while developing metrics for ongoing performance measurement and reporting. Furthermore, the ISSO coordinates the IT organization's technical activities to implement and manage security infrastructure and provides regular status and service-level reports to management. Performing in a leadership capacity, the ISSO utilizes a strong technical background and abilities to work closely with the rest of the IT organization and business management roles in aligning priorities and plans with key business objectives. While acting as an empowered representative of the CISO during IT planning initiatives, the ISSO ensures that security measures are incorporated into strategic IT plans and that service expectations are clearly defined. Additionally, the ISSO works with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility, and performance.

RESPONSIBILITIES:

• Collaborates with the Information Security team to develop security programs and projects addressing identified risks and business security requirements.
• Manages the analysis and assessment of the threat landscape, providing realistic overviews and ensuring compliance with various Cyber Security and Compliance frameworks.
• Provides security communication, awareness, and training for various audiences.
• Consults with IT and Information Security organizations to integrate security into hardware, application, and software processes.
• Implements technical controls to enforce security policies, maintains applicable policies and procedures, and ensures alignment with legal and regulatory requirements.
• Coordinates, measures, and reports on the implementation and effectiveness of security controls, while also guiding the Disaster Recovery Planning team.
• Monitors and enforces compliance with security policies, defines metrics and reporting strategies, and provides support for legal and regulatory compliance efforts.
• Participates actively in the Cyber Security Incident Response Team, acts as a liaison between industry peers and government agencies, and coordinates with the Avertium fusion center.
• Assists in the development and delivery of incident preparedness exercises, ensures execution of the incident response process, and actively monitors and researches cyber threats.
• Utilizes commercial intelligence providers to gain insight into hacker and fraudster activities, advises on emerging threats, and develops relevant intelligence briefings and reports.

SUPERVISORY SKILLS:

As a start-up, must be a self-starter who is able to work independently. Although initially there will be zero direct reports, as the company matures, this position must be able to reliably supervise subordinates' work and be a reliable mentor and team- builder. Ensures personnel have completed required compliance training and are adhering to all internal procedures and controls as it relates to policy, laws, regulations and Company Programs.  The incumbent provides training, planning, assigning, and directing work assignments and schedules; addressing complaints and resolving problems.

EDUCATION and/or EXPERIENCE:

• Bachelor's degree in Information Systems or equivalent work experience required.
• 7 years of IT experience, with 5 years in an Information Security role, required.
• 2 years of compliance experience in a supervisory capacity required.
• Experience working with law enforcement or other relevant government agencies preferred.
• Certified Information Systems Security Professional (CISSP) or Certified Information Systems Security Manager (CISM) certification preferred.