Chief Information Security Officer
Intralinks – Waltham, MA
Reporting to the EVP & Chief Product Officer, our CISO is responsible for establishing and maintaining the enterprise-wide security management program with the purpose of protecting company and client information and technical assets. In this position, you are responsible for identifying, evaluating and reporting on security risks, aligning security posture of the organization in a manner that supports effective protection of information assets, and managing and executing security controls in support of compliance and regulatory requirements.
As the next-generation CISO you will be implementing change and evolving processes, developing strategies and resource plans, participating in board-level discussions, communicating with the top Security and Risk professionals, and implementing the latest Information Security tools and processes that ensure protection of company assets.
The CISO will proactively work with business units to implement practices that meet defined policies and standards for information, and will serve as the process owner of all ongoing activities related to the confidentiality, integrity, and availability of customer, business partner, employee, and business information in compliance with the organization's Information Security policies.
Responsibilities:
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the confidentiality, integrity, and availability of information owned, controlled, or processed by the company.
- Manage the day-to-day operations of the enterprise's Information Security organization, including hiring, training, staff development, performance management, third-party usage, and performance reviews.
- Assess risk and continuously perform gap analysis on the security controls and strategy, and propose changes to decrease risk while improving protection of Intralinks customer data.
- Develop, publish, and maintain comprehensive information security standards, policies, procedures and guidelines.
- Manage security incidents and events to protect corporate IT assets, and act as the primary corporate control point during follow-up on significant information security incidents. Oversee development of response plans and provide timely update reporting.
- Advise the management team on risk issues that are related to information security and recommend actions in support of the company's wider risk management programs.
- Facilitate the Risk Committee meetings with the management team to provide continuous visibility of Intralinks' risk posture, and maintain Intralinks' responsibilities within its certification frameworks such as ISO 27001 and SOC 2.
- Collaborate with Audit & Compliance, Human Resources, Legal counsel and the organizational network on matters of ongoing and planned operations, all compliance matters, investigation of security incidents, disciplinary and legal actions, and required security audits.
- Monitor information security trends and evolving technologies and keep senior management informed about related information security issues and implications for the company.
- Understand potential and emerging information security threats, vulnerabilities, and control techniques, and communicate this information to appropriate team members throughout the company on a timely basis.
- Conduct regular and ongoing monitoring of and reporting on company-wide compliance with information security standards and policies.
- Provide strategic risk guidance and advocacy for infrastructure investments and IT projects, including project prioritization and the evaluation and recommendation of technical controls.
- Evaluate opportunities to extend the scope, geography and/or business processes included in Intralinks' certifications.
- Define, manage and respond to third-party penetration testing.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the security program, facilitate appropriate resource allocation, and increase the security maturity level of the company.
Qualifications:
- 10+ years of progressive leadership experience in information security, including experience with SaaS and multi-tenant applications, Incident Response, managing audits, and implementing processes and security controls to satisfy certifications such as ISO 27001 and NIST.
- BA, BS or Master's Degree in a computer science or information systems related discipline required. Master's in Business Administration is a plus.
- Experience with information system disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
- Business system continuity planning, auditing, and risk management experience as it relates to information security.
- Demonstrated capability to consult with executive leaders in the design, development and execution of a global strategy that integrates all areas of Facilities, Physical Security, Business Continuity, Information Security, Employee and Asset Protection, Technology and Risk Management.
- Familiarity with Information Security industry standards and best practices, as well as relevant frameworks and regulations (e.g. ISO, PCI DSS, HIPAA, GLBA, FISMA, NIST, COBIT, ISF).
- One of the Information Security certifications such as the Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is preferred.