As our Chief Information Security Officer (CISO), you will have the opportunity to guide our information security and data privacy initiatives and support our growth utilizing your extensive experience, knowledge, expertise, and hands-on skills.
What you’ll be doing:
- Design and develop an information security and data privacy program roadmap to align and scale with company growth
- Develop best practices and security standards for the organization including preparing and documenting standard operating procedures and protocols
- Lead security assessment and testing processes, including but not limited to penetration testing, vulnerability management, and secure software development
- Develop and extend security tooling and automation efforts across the organization
- Proactively identify security issues and potential threats and continuously build processes and design systems to watch for and protect against them
- Lead compliance activities including external audits, regulatory compliance projects, and overall information security reviews
- Communicate infosec and data privacy operational goals, direction, and business impact to stakeholders
- Interface with outside stakeholders including our customers, partners, compliance agencies, and regulatory and legal authorities
- Provide strategic risk guidance and consultation, including the evaluation and recommendation of technical standards and controls
- Establish and implement a process for incident management
Requirements:
- Proven 5+ years of information security management experience
- A bachelor’s degree in computer science, cyber-security or a related field
- Certified Information Systems Security Professional (CISSP) accreditation and/or CISA is desirable.
- Proficiency in compliance implementation and management related to risk management frameworks including COBIT, ITIL, ISO27001/2 and NIST and SOC2
- Experience in security assessment, cloud architecture, application threat modelling, policy writing
- Proficiency in compliance implementation and management
- Strong understanding and experience with Secure SDLC and DevSecOps or security automation
- Able to confidently engage with our customer’s Data Privacy and Info Sec representatives
- Capable of understanding and communicating the business impact that infosec operations have on the organization
- Compliance skills in relation to key legislations such as the Health Insurance Portability & accountability Act (HIPAA), The Sarbanes-Oxley (SOX) Act of 2002, Payment Card Industry (PCI), General Data Protection Regulation
As a plus:
- ISO27001 auditor or implementer
About Windmill
We design & build digital product experiences which delight. Windmill is a product delivery company dedicated to delivering impactful digital products and solutions that resolve modern challenges. Our clients range from start-ups to multinational banks and corporations. And we build our own products too as part of Windmill Ventures.
We’re a global operation headquartered in Switzerland, with employees based in the UK, USA, Portugal, Ukraine and India.
What we offer
- Flexibility to work from where, when, and how you like. As long as you meet the requirements of your role and are available for key meetings, the how is up to you
- Competitive compensation and benefits
- Working as part of a diverse, international team
- Interesting tasks and challenges, where you can be creative and take ownership
- Opportunities for career enhancement
- Regular reviews supported by our HR team aligned with promotional cycles
Equal Opportunities at Windmill:
Windmill Digital is an equal opportunities employer that strongly believes in workplace diversity. We consider all applicants regardless of their age, religion, ethnicity, sexual orientation or disability.
Think you’d be a good fit for the role? Send us your CV and have a chat with one of the team.
For more information, please visit our company website: https://www.windmill.digital.