As a Director IT Security & Compliance / CISO, you will play a vital role in overseeing our organization's cybersecurity strategy, implementing and maintaining security measures to protect sensitive data and systems from unauthorized access, breaches, and cyber threats. You will conduct risk assessments, develop security policies, and ensure compliance with relevant regulations while proactively monitoring and responding to potential security incidents, and you will act as the organization's expert on cybersecurity defense and mitigation strategies.
What You Will Work On
- Security Strategy:
  - Conduct comprehensive risk assessments to identify potential vulnerabilities and prioritize security needs.
  - Develop and implement a comprehensive cybersecurity strategy aligned with business objectives.
  - Establish security policies and procedures to govern data access, system usage, and incident response.
  - Monitor emerging threats and trends in the cybersecurity landscape to proactively address potential risks.
- Security Operations and Monitoring:
  - Monitor network activity, system logs, and security tools to detect suspicious behavior and potential breaches.
  - Implement and maintain security infrastructure including firewalls, intrusion detection/prevention systems, endpoint protection, and vulnerability scanners.
  - Conduct regular security audits and penetration testing to identify vulnerabilities and remediate issues.
- Incident Response:
  - Develop and maintain incident response plans to effectively address security incidents.
  - Investigate security breaches, contain damage, and implement corrective actions.
  - Conduct thorough post-incident analysis to identify root causes and implement preventative measures.
  - Communicate security incidents to relevant stakeholders in a timely manner.
- Security, Compliance, and Governance:
  - Ensure compliance with relevant cybersecurity regulations and industry standards (GSMA, ISO 27001, SOC2, FedRAMP, NIST).
  - Conduct regular security awareness training for employees to promote good cybersecurity practices.
  - Report on security posture and risk levels to senior management.
- Technology Evaluation and Implementation:
  - Evaluate new security technologies and tools to enhance the organization's security posture.
  - Implement and integrate new security solutions into existing infrastructure.
- Vendor Management:
  - Evaluate and manage security risks associated with third-party vendors and service providers.
  - Establish security requirements for vendor contracts and monitor compliance.
- Cross-functional Collaboration:
  - Work with cross-functional teams to ensure proper implementation of IT Security policies and procedures.
How You Will Do Your Work
As a Director of IT Security and Compliance / CISO, how results are achieved is paramount for your success and ultimately results in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following competencies:
- Taking responsibility - being accountable, being committed, and accepting ownership for one's decisions, actions, and behavior.
- Adaptability - the ability to adjust your approach or actions in response to changes in your external environment.
- Consultative - takes an approach that focuses on building relationships with others, understanding their problems, and developing solutions through open-ended questions and active listening.
- Solution-oriented - identifies the source of a question or challenge and provides the right, or a better, way of doing things.
- Curious - the innate desire to learn, grow and understand.
In addition, all RiPSIM employees focus on aligning their behaviors to our core values:
- Excellence - Our work is our passion, and you will demonstrate attention to detail, pride, and the highest quality for every customer account and each company project.
- Transparency - We believe in being honest with ourselves and with our customers. You're willing to be open, trustworthy, and truthful in all company dealings. You do what you say and say what you'll do.
- Communication - No matter your level in the organization, we are a team. Each person has different strengths which make us strong collectively. Effective, constructive, professional communication is critical in driving our business forward. Help and be kind to each other every day.
- Curiosity - You ask open questions and are receptive to thoughts and feedback from others. You will question the status quo and strive to provide creative solutions to change and improve the product, the company, and the eSIM industry.
- Innovation - Learning by failing is the way we grow. You shouldn't be afraid of failure if we're innovating, learning, and moving forward. You will push yourself to try new things both personally and professionally, and share lessons learned with your peers. Quick issue identification and escalation to reach a resolution sooner is a best practice.
- Flexibility - We are a start-up where a positive attitude, enthusiasm and flexibility are both cherished and required. You're willing to wear many hats to get things done.
Essential Qualifications
- Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant work experience may be considered in lieu of a bachelor’s degree.
- Proven experience in cybersecurity management, including hands-on experience with security tools and technologies.
- Strong understanding of network security, threat analysis, and vulnerability management.
- Excellent leadership and communication skills to effectively collaborate with cross-functional teams.
- Knowledge of relevant cybersecurity regulations and compliance requirements.
- Relevant certifications like CISSP, CISA, CISM, or OSCP are preferred.
Preferred Skills and Qualifications
- Experience in managing comprehensive enterprise-wide Information Security and IT Risk Management programs in the Mobile Communications industry with a focus on eSIM technology.
- Experience working with GSMA compliance and accreditation.
- Experience with IT Security policies and procedures for On-premises and Cloud environments.
- Certified CISSP, CISA, CISM, or OSCP within the past 24 months.
Job Type: Full-time
Pay: $140,000.00 - $160,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Flexible spending account
- Health insurance
- Paid time off
- Vision insurance
Compensation Package:
- Bonus opportunities
Schedule:
- Monday to Friday
Work Location: In person