Job Description
Charles River Associates (CRA) is seeking a Chief Information Security Officer (CISO) to lead the development and implementation of an enterprise-wide information security program. The CISO will report to the Chief Information Officer and manage a team of security professionals, ensuring compliance with relevant laws and regulations. CRA is a global consulting firm that provides economic, financial, and business management expertise to major law firms, corporations, and governments.
Responsibilities:
  • Develop and implement an enterprise-wide information security program.
  • Define and execute a security risk management program.
  • Build and drive a cybersecurity strategy and framework.
  • Evaluate and prioritize risks and emergent security threats.
  • Coordinate IT Security Governance activities.
  • Oversee information security incident detection, response, and recovery.
  • Manage all teams involved in IT security.
  • Lead a third-party oversight function.
  • Oversee security awareness programs.
  • Perform periodic information security-related risk analyses.
  • Communicate security policies and procedures.
  • Coordinate with legal and compliance.
  • Maintain company certifications (SOC 2, ISO 27001, etc.).
  • Manage client compliance program.
  • Lead cybersecurity operations and implement contingency plans.
  • Stay current with emerging security trends.
Requirements:
  • Bachelor's Degree in Computer Science, Information Technology, Engineering, Cybersecurity, Mathematics, Business, or a related field.
  • 10+ years of experience in evolving information security and IT roles.
  • 3+ years’ experience as a Chief Information Security Officer.
  • 5 years’ leadership/management-level experience with enterprise-level security programs, policy, and administration.
  • Certified Information Systems Security Professional (CISSP) required.
  • Deep understanding of cybersecurity principles, frameworks, standards, and best practices.
  • Familiarity with relevant legal and regulatory compliance requirements.
  • Knowledge of network architectures, including cloud security, firewalls, and intrusion detection/prevention systems.
  • Knowledge of Cloud platforms, such as AWS, Azure, Google Cloud.
  • Strong security architecture background.
  • Strong understanding of information security principles, practices, and technologies.
  • Excellent oral and written communication skills.
  • Strong leadership skills.
  • Strong sense of urgency, personal responsibility, accountability.
  • Excellent organizational and time management skills.
The role offers:
  • Opportunity to lead and develop an enterprise-wide information security program.
  • Chance to work for a leading global consulting firm.
  • Work location flexibility.