Crimson Hexagon

  • Chief Information Security Officer

    Job Locations US-MA-Boston
    Posted Date 4 weeks ago(4/24/2018 3:16 PM)
    ID
    2018-1336
    Category
    Accounting/Finance
  • Overview

    Crimson Hexagon helps global brands better understand their consumers. With instant access to the world’s largest volume of unstructured text and images across social, online public, and enterprise-held data sources, Crimson Hexagon’s AI-powered consumer insights platform allows clients to analyze audiences, track brand perception and campaign performance, and even detect competitive and market trends. Our clients include Anheuser-Busch InBev, Adidas, General Mills, Paramount Pictures, and Twitter. We’re a high growth software company headquartered in Boston with offices in Chicago, New York, San Francisco and London. Find us on Twitter and on LinkedIn.

     

    We are seeking a Chief Information Security Officer (CISO) to drive the strategy and implementation of a company-wide information security management program while protecting the business from security threats and cyber-hacking. The CISO will also ensure operational compliance with all standards and regulatory requirements (e.g. SOC2, ISO 270001, SOX, GDPR, PII, PCI, etc.) while liaising effectively with Crimson Hexagon’s clients, partners and stakeholders on security-related matters.

     

    This individual must have sound knowledge of business management and a working knowledge of information security technologies. This position will work cross-functionally to implement practices that meet defined policies and standards for information security, particularly within the context of a company with cloud-managed business operations. The CISO will also oversee  multiple risk management activities and projects defined by the CEO.

    Responsibilities

    • Develop, implement and monitor a strategic, comprehensive enterprise information security, compliance and risk management program.
    • Create, maintain and publish up-to-date information security policies, standards and guidelines; oversee the approval, training, and dissemination of security policies and practices.
    • Formulate, communicate and implement a process for vendor risk management.
    • Provide regular reporting on the current status of the information security program to Crimson’s senior business leaders.
    • Devise and enhance an information security management framework based on the following: SOC-2, International Organization for Standardization (ISO) 2700X, Sarbanes-Oxley Act (SOX), Personally Identifiable Information (PII), General Data Protection Regulation (GDPR).
    • Facilitate and conduct periodic security audits and testing.
    • Collect and prepare evidence for assessment, risk management, other security-related and regulatory activities.
    • Perform Data Impact Assessments.  Create and maintain processing activities records, data flows, data maps and related documentation.
    • Provide strategic risk guidance for product engineering projects, including the evaluation and recommendation of technical controls.
    • Liaise with Crimson Hexagon’s clients, partners and stakeholders on security-related matters, including security-related RFP responses and questionnaires.
    • Strategic partnership with IT.
    • Facilitate DPO responsibilities.

    Qualifications

    • Bachelor's degree in information technology, computer science, engineering, related technology field, or equivalent work experience.
    • Minimum of 12+ years of experience in a combination of risk management, information security and product engineering roles, with at least 5 years in a senior leadership role.
    • Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.
    • Proven track record and experience in developing, and managing, information security policies and procedures for companies that leverage cloud technologies such as Amazon Web Services (AWS) and / or offer Software as a service (SaaS) products with security commitments to clients and partners.
    • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
    • Strong project management, financial/budget management, and resource management skills.
    • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed