FlightSafety International | VP, Chief Information ...
FlightSafety International - Columbus, OH
Job Description
Purpose of Position
The VP, CISO is a key leadership role responsible for the enterprise Information Security & Risk program. This position leads all Information Security efforts in support of end-to-end security strategy, design, and operational support. The Information Security leader serves as the principal and accountable representative for the enterprise security roadmap and related matters, while building and delivering a highly collaborative working relationship with the end-user community as well as fellow technology and engineering teams. This role is both strategic and tactical, demonstrating strong technical capabilities in the risk/security arena while also exhibiting strong leadership skills within the team and across adjacent functions. This role partners closely with Information Technology while providing leadership and guidance on security implementations, purpose and priority. This position reports to the Chief Information Officer.

Tasks and Responsibilities
• Oversee the development, implementation, and maintenance of the security strategy, risk and governance framework, based on National Institute of Standards and Technology (NIST), that can scale across multiple regulatory controls, geographies, and internal business units to enable a culture of security throughout the enterprise
• Create a metrics-driven culture using the appropriate methodologies, tools and communications practices.
• Translate technical risks into interpretable organizational risks for a wide range of business and leadership audiences, including the Board and Senior Leadership Team (SLT)
• Partner closely with the business and IT leadership to continually communicate on prioritized industry trends, threat groups/actors as well as emerging risks
• Collaborate with IT teams within both FSI & NetJets to ensure that security practices are integrated into all systems and processes, balancing security requirements with business agility
• Develop and implement security policies, protocols, and procedures to safeguard the company's data, intellectual property, and systems from internal as well as external cyber threats
• Monitor the external threat environment for emerging threats, advising relevant stakeholders, and coordinating with external agencies, such as law enforcement and other advisory bodies, to ensure that the organization maintains a strong security posture
• Define and implement 1st and 3rd party risk assessment processes and controls for new technology platforms
• Lead third-party security assessments for future and existing business partners
• Work with cyber insurance carriers to implement long-term strategic initiatives that comply with external industry/insurance requirements
• Liaise with business control teams (i.e. Legal, Compliance, HR, Finance, etc.) and IT groups in the security analysis, design, and planning phases of IT and business-related projects to ensure practices are in line with organizational and regulatory policies
• Partner on security tactics across DevOps, Architecture, and Engineering to ensure robust security engineering practices are in place
• Establish a strong set of controls for SaaS solutions, enterprise cloud environments and cloud service provider platforms - such as Microsoft Azure, and others - and their embedded security as well as multi-cloud security management technologies
• Ensure all security incidents are properly investigated, remediated and appropriately communicated
• Lead internal and external security audits using a rigorous and repeatable methodology, security questionnaires, and provide consistent reporting of results
• Interact with government regulators and auditors across multiple jurisdictions domestically or globally
• Builds and leads a high-performing Information Security team; provides feedback & coaching to help team develop professionally and grow their skills
• Travel as required
• May perform other duties as assigned

Minimum Education
• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, Business, or related field of study, required
• Advanced degree, a plus
• Related certification(s) required - Certified Information Systems Security Professional (CISSP), and Computer Information Security Manager (CISM), preferred - Certified Information Systems Auditor (CISA), or other
• Security clearance required

Minimum Experience
• 15 years of relevant information security, risk, and technology experience
• 7+ years' experience in a supervisory capacity
• Experience operating in a matrixed organization supporting one or more business units or internal functions
• Experience in strategic advisory that directly influences the organization's operating plan
• Experience in project management and responsibility for an operating budget
• Significant experience in managing third party relationships and suppliers

Knowledge, Skills, Abilities
• Excellent written and verbal communication skills with high emotional intelligence, including the ability to explain technical concepts to senior leaders, middle management, and individual contributors
• Ability to independently collaborate across a broad spectrum of stakeholders and senior leaders in a matrixed operating environment to achieve mutually beneficial results
• Collaborative ability to build rapport as a strategic partner, vertically within the function or business unit, as well as with senior leadership and other cross-functional teams
• Demonstrated ability to adapt to changes rapidly, meet necessary timelines, and perform in a fast-paced work environment
• Results-orientated with high drive to independently achieve objectives and formulate project plans or results from ambiguous directives
• Problem solver with a focus on process, organization and detail orientation
• Focus on continuous improvement with the ability to drive organizational change
• Demonstrated experience in key areas of cyber security such as: secure coding techniques, penetration testing, vulnerability management, network administration, event management, forensics, threat management, identity access management, data loss prevention, governance, and risk management practices
• Must demonstrate knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT and NIST and an understanding of relevant legal and regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard
• Familiarity with DoD cybersecurity policies, procedures, and frameworks, such as NISPOM, CMMC, NIST 800-53
• Experience working with or within DoD environments, understanding the unique security challenges and requirements of defense-related information systems
• Established familiarity with common security methodologies, tools, controls, and common security flaws that apply to software development including, but not limited to: Logging, Encryption, SAST, DAST, IDS, IPS, IAM
• Strong understanding of how technical controls can be applied to solve specific Information Security and risk problems
• Demonstrated ability to define and articulate business impacts and risk to both technical and non-technical audiences
• Strong ability to influence engineering teams and business partners on security and IT architecture and project roadmaps to effectuate positive and protective change for the enterprise
• Demonstrated strength in the ability to motivate and lead a team of Information Security professionals
• High regard for ethics; compliance with all company policies and procedures
• Maintains regular and punctual attendance
• Proficient in Microsoft Office suite or related software, in particular Excel, Word, PowerPoint and Outlook
• Other software programs may be required

FlightSafety is an Equal Opportunity Employer/Vet/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.
Created: 2025-01-14