Chief Information Security Officer


Job Type: Full Time Employee
Location: Miami, FL / Telecommute
Education: Bachelor's

dotCMS Services LLC (dotCMS) is the independent software vendor behind the award-winning dotCMS Enterprise Java Content Management System. dotCMS maintains a robust agile software development program with several well-staffed teams of dedicated developers.

In addition to software development, dotCMS is a cloud service provider hosting the dotCMS software in partnership with Amazon Web Services (AWS). dotCMS has been a cloud-native company utilizing AWS infrastructure since early-cloud-adopter days to provide an enterprise-class optimized dotCMS experience for clients of all sizes in disparate market segments.

Core Duties

  • IT risk analysis/management
  • Security program management (policy & procedure)
  • Compliance (measure progress, coordinate audit)
  • DR/BC
  • Training
  • Security incident response coordination
  • Product & platform security controls/audit

Responsibilities

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets and employees are adequately protected. This position is responsible for identifying, evaluating, mitigating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

The position requires a leader with sound knowledge of business processes and a broad understanding of information security technologies and threats. The CISO will proactively work with internal and external stakeholders to implement a strategy and practices that meet defined policies and standards for information security. He or she will also oversee a variety of security related risk management activities, and will be skilled at finding compromises that meet the letter and spirit of security requirements while still enabling workplace agility and efficiency. A key element of the role is working with executive management to determine acceptable levels of risk for the organization. The CISO must be highly knowledgeable about the business environment and ensure that information systems are maintained in a fully functional, secure mode.

The CISO will:

  • Be responsible for Information Security Program development and implementation including
    • Identifying protection goals, objectives and metrics consistent with organization’s strategic plan
    • Incident response program development
    • Security awareness program development
  • Determine the acceptable level of information security risk in conjunction with senior management. Advise management on information security risks and collaborate with them to establish the appropriate course of action.
  • Conduct threat and vulnerability assessments to properly analyze the risks to information security and determine appropriate measures to effectively manage those risks
  • Work with management to prioritize security initiatives and spending based on appropriate risk management methodology
  • Manage the investigation of security breaches or potential breaches and assist with disciplinary and legal matters associated with such breaches
  • Implement and manage ongoing internal security auditing programs
  • Work with outside consultants as appropriate for independent security audits
  • Develop, publish, and maintain compliance with information security policies
  • Assist with and coordinate IT business continuity and disaster recovery planning
  • Maintain deep knowledge of legal requirements and market standards of information security

Qualifications

  • 7+ years' experience in information security, with at least 2 in a security management role
  • Information security leadership designation at a prior institution of similar scope and scale (ISV and/or SaaS provider)
  • Knowledge of applicable US and international laws and regulations as they relate to the Information Risk and Information Technology Risk
  • Experience managing internal and external audit and compliance programs (ISO 27001, SOC 2, or NIST 800-53 preferred)
  • Advanced technology background
  • Experience in implementing strategic plans and policy development
  • Knowledge of business processes, management, and budgeting
  • Experience leading DR/BC and incident response program development and/or maintenance  
  • Comfortable working in a distributed workplace with all-cloud technology infrastructure
  • A university degree in Information or Technology Management or Risk Management or equivalent work experience
  • GCCC, CISM, and/or CISSP

Skills

  • Expert written, oral, and interpersonal communication skills with the ability to present information at an audience-appropriate knowledge level
  • Advanced knowledge of web application request/response/data model, and applicable security vulnerability classes and mitigation measures
  • Proficient in all aspects of information security such as firewalls, multifactor and advanced authentication systems, vulnerability scanning, malware detection and prevention, system hardening, encryption (at rest and in transit), PKI design and operation, SIEM systems implementation, auditing configuration, and reporting
  • Desire to work in a virtuous cycle SecDevOps environment
  • Experience in the use of open source software in the InfoSec space
  • Proven ability to successfully partner with internal clients, external clients, and vendors to align strategy with deliverables, identify business challenges and develop alternatives to mitigate gaps
  • Enjoys working in a fast-paced, team-oriented, collaborative environment that embraces change
  • Ability to apply change management principles appropriately to initiatives of variable size and degree of complexity
  • Ability to assess the impact or potential impact of change management initiatives of various sizes and degrees of complexity on business financials and performance
  • Self-motivated, self-directed, attentive to detail, and able to multitask

Compensation

This is a full-time position. Target compensation $130k-$150k. We offer a competitive benefits package. To apply, send a resume, cover letter, and samples to: jobs@dotcms.com
