Pantek Library

Chief Security Officer (Chicago-based Fortune 100 company)

From: mark <mkolar(at)harmer.com>
Date: Mon Apr 21 2003 - 14:33:10 EDT

My name is Mark Kolar and I am an executive recruiter with Harmer Associates. We are currently working on a senior role for a CSO for our client, a Chicago-based Fortune 100 company.

If you are interested in this role, feel free to contact me via email at mkolar@harmer.com

Thank you for your consideration.

Mark Kolar
Harmer Associates
Specializing in Placement of Information Systems, Finance, Accounting, and Human Resources
(312) 407-7180
www.harmer.com

Information Security Director (CSO)
The Information Security Director directs, coordinates, plans, and organizes information security activities throughout the company. He or she acts as the focal point for all communications related to information security, both with internal staff and third parties. The Information Security Director works with a wide variety of people from different internal organizational units, bringing them together to manifest controls that reflect workable compromises as well as proactive responses to current and future information security risks.

Responsibilities and Duties
The Information Security Director is responsible for envisioning and taking steps to implement the controls needed to protect both Our client information as well as information that has been entrusted to Our client by third parties. The position involves overall responsibility for information security regardless of the form that the information takes (paper, CD or floppy disk, audio tape, embedded in products or processes, etc.), the information handling technology employed (mainframes, microcomputers, fax machines, telephones, local area networks, file cabinets, etc.), or the people involved (contractors, consultants, employees, vendors, outsourcing firms, etc.).

Threats to information and information systems addressed by the Information Security Director and his/her staff include, but are not limited to: information availability, information corruption, unauthorized information destruction, unauthorized information modification, unauthorized information usage, and unauthorized information disclosure. These threats to information and information systems include consideration of physical security matters only if a certain level of physical security is necessary to achieve a certain level of information security (for example, as is necessary to prevent theft of portable computers).

Detailed responsibilities of the Information Security Director can be grouped into three main areas: Management, Operations, and Communications. Effort estimates associated with each of these responsibility groups, as well as most major detailed tasks, are identified below:


Security Management (about 50% of responsibilities)
Creates a strategic information security plan with a vision for the future of information security at Our client (utilizing evolving information security technology, this vision meets a variety of objectives such as management's fiduciary and legal responsibilities, customer expectations for secure modern business practices, and the competitive requirements of the marketplace)

Establishes and maintains strong working relationships with the groups influencing and supporting the company's information security program (Legal, Internal Audit, Human Resources, Physical Security, Information Security Committee, etc.)

Establishes, manages, and maintains organizational structures with those responsible for information security; these responsible parties include individuals within our client’s departments (such as Local Information Security Coordinators) as well as Our business partners (outsourcing firms, consulting firms, etc.)

Examines information security from a cross-organizational viewpoint including Our client's participation in extranets, electronic data interchange (EDI) trading networks, ad-hoc Internet commerce relationships, and other new business structures, and makes related recommendations to protect information and information systems

Obtains top management approval and on-going support for all major information security initiatives at Our client

Provides technical support consulting services on matters related to information security such as the criteria to use when selecting information security products

Partners with HR to perform management and personnel administration functions associated with our client's Information Security Department (coaches employees, hires and fires employees, disciplines employees, reviews employee performance, recommends salary increases and promotions, counsels employees, establishes employee task lists and schedules, trains staff, etc.)

Security Operation (about 25% of responsibilities)
Performs and/or oversees the performance of periodic risk assessments that identify current and future security vulnerabilities, determines what level of risk is acceptable to management, and identifies the best ways to reduce information security risks to this acceptable level


Assists with the establishment and refinement of procedures for the identification of Our client information assets as well as the classification of these information assets with respect to criticality, sensitivity, and value

Designs and manages business processes for the detection, investigation, correction, disciplinary action, and/or prosecution related to information security breaches, violations, and incidents

Directs the preparation of information systems contingency plans and manages worker groups (such as Computer Emergency Response Teams or CERTs) that respond to information security relevant events. This includes the ownership of post mortem analyses of information security breaches, violations, and incidents to illuminate what happened and how this type of problem can be prevented in the future

Periodically initiates quality measurement studies to determine whether the information security function at operates in a manner consistent with standard industry practices (these include customer satisfaction surveys, benchmarking studies, peer comparison efforts, and internal tests)

Stays informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional association memberships, industry conferences, special training seminars, and other methods

Security Communications (about 25% of responsibilities)
Acts as the central point of contact within Our client for communications dealing with information security problems, issues, and concerns

Coordinates and directs the development, management approval, implementation, and promulgation of objectives, goals, policies, standards, guidelines, and other requirements needed to support information security throughout Our client as well as within business networks (such as extranets)

Coordinates the information security efforts of all internal groups which have one or more information security-related responsibilities, to ensure that organization-wide information security efforts are consistent across the organization, and that duplication of effort is avoided


Coordinates internal staff in their efforts to determine information security obligations according to external requirements (contractual, regulatory, legal, ethical, etc.)

Develops action plans, schedules, budgets, status reports and other top management communications intended to improve the status of information security at Our client

Brings pressing information security vulnerabilities to top management's attention so that immediate remedial action can be taken

Represents Our client and its information security related interests at industry standards committee meetings, technical conferences, and the like

Qualifications:
• Bachelor's degree in Computer Science or Information Systems, Master's degree/MBA preferred
• 8+ years of real-world experience with enterprise-based information security
• Certified Information Systems Security Professional (CISSP)
Received on Thu Apr 24 17:10:35 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:29 EDT

