The Chief Security Officer (CSO) develops strategies that protect and defend the most valuable information technology assets of the organization, including physical security issues around office spaces, facilities, desktops and data centre equipment, as well as digital content and enterprise information systems. The CSO sets standards around security and develops procedures to reduce risk across the company, working in partnership with senior management and staff. The CSO also oversees incident response and communication about potential vulnerabilities to business leaders.
- Work with IT department staff to safeguard the company’s assets such as computer systems, electronic records and intellectual property.
- Aligns business and IT objectives with the security standards of the company, minimizing risk exposure
- Identify protection goals, objectives and metrics consistent with corporate strategic plan
- Identify products and services which can assist in the protection of corporate assets and information including firewalls, anti-virus, video surveillance, network security architecture, identity management software and more
- Manage and advise on the budget related to IT security spending and coordinate with IT department and other business units
- Establish a culture of information protection across the enterprise using tools and frameworks supported by industry standards
- Ensure security policies, products and procedures are in keeping with industry regulations and all relevant legislation
- Maintain relationships with local, state and federal law enforcement and other related government agencies.
- Establish practices to be used in pursuing and reporting breaches of IT security, working with legal counsel and law enforcement agencies.
- Liaise with auditors, regulators, vendors, outsourcers and other third parties as required.
- Post-secondary education in IT management, operations management with business management training
- Certified Information Systems Security Professional (CISSP)
- A proven track record in incident response, crisis management, and consensus-building across large organizations
- Deep understanding of business continuity planning, auditing, and enterprise risk management frameworks
- Deep understanding of Canadian laws and relevant industry regulations
- Proven expertise in IT security products, processes and procedures
- Experience in contract and vendor negotiation.