CISO Strategy SME
CISO Strategy Expert
This client is roughly 1 billion in size. They need a very strong Cybersecurity expert, likely a former CISO, to come in for several weeks and help the organization develop and document a long-term security plan for the future. They currently have things stable and in order for what they are doing, but they need help with the following concept: “With things generally in order, how do we go forward, get organized, deploy things, handle actual breaches, etc. We have a strategy to maintain, but not really grow, and we are not sure what is required without breaking the bank.” This role is for someone who can come in and get into the trenches with folks across IT, compliance, the 3rd party Security partners, engineers, and executives. This person will look to build a plan based on findings that they can use as a blueprint to get started with where to go with things outside of what they have already accomplished.
This organization does not have a CISO, SOC, or SIEM tool. They have partners for PCI compliance, and audits, NIST audits, system monitoring, penetration testing, and additional threat mitigation. They are using Verizon for much of this, but also have several smaller partners. As an organization they have an internal IT team, small security/cyber team (less than 5), network engineers, infrastructure, etc. They run SAP, MS 365 applications, IBM technologies, several cloud systems, Cisco, Palo Alto, various websites, firewalls, malware, extensive ecommerce systems, and a variety of other technologies.
For this role the person needs to understand how to take a company that has already taken a number of steps to protect themselves and help them to actually develop a long-term strategy with directions of how to support themselves, clean certain things up, and not overinvest. They need to build off of what has been accomplished, but do not have to go further subjects from compliance, to incidents, and more. There are several questions for them that they are focused on that this plan will answer:
- As a company how do we manage to make a plan for going forward as a 1-billion-dollar company and growing?
- How do we execute when there is a breach accordingly and what do we do to mitigate it?
- How do we maintain compliance?
- What tools can we use to mitigate our risk based on what we do?
- How do we handle identity theft, political hacks, emails being stolen and used, etc.?
- Are there simple tools for vulnerability fixes?
- What is the breach policy, how do we prevent and react after if there is one?
- What policies do we have that need to be changed, once reviewed?
- How do we report the state of our security program and data integrity?
- Do we need a SIEM tool?
- How do we create a strategy based on what we have done, without just undoing everything?
- How do we take what we have done, plan for the future, without breaking the bank?
This person needs to have hands-on experience within companies in the 1-billion-dollar range. If they have focused in on manufacturing, wholesale, and retail, that would be ideal. They need to have the experience of being a CISO and need to have created plans/strategies addressing the things listed above. This is a hands-on role; this is not meant to be an instance of taking an old PowerPoint and adjusting. They do not need to have worked with every technology listed above but need to have worked in an environment as described above. This organization has done enough to be safe for the most part but needs this expert to get into the weeds and pull all the information together to create a strategy. They will need excellent documentation skills, experience with C levels, working with engineers, and need to be a career-focused Cybersecurity expert.
The plan they create will be something used as a guideline on how to move forward. They will work with all areas of security and compliance to gather facts and must be able to articulate how to help bring the company forward within this space. This role really needs someone that has “done it all” so they have the level of knowledge to walk the company through what to do and leave behind the appropriate documentation to then be executed.
- CISO level experience at companies roughly 1 billion in size
- Long-term Cybersecurity strategy plan creation
- Experience communicating with all levels of employees, engineering to Execs
- Cybersecurity assessments
- Experience answering ALL of the questions listed above
- Well-spoken, organized, great with documentation
Job Type: Contract