CISO

About the job

EDX is seeking a Chief Information Security Officer to lead the implementation and ongoing improvements to the firm’s security program. In this role you will closely partner with teams across the firm in order to incorporate security principles, best practices and controls as a first class citizen into every day workflows, tools, and technology. You will play a critical role safeguarding sensitive information, ensuring compliance with industry regulations, and fostering a culture of security awareness across the organization.

Responsibilities:

• Strategic leadership for building a roadmap and execution of security initiatives
• Grow and lead high performance security team
• Adherence to frameworks and standards (NIST or other relevant frameworks such as ISO27001/27002, CIS, and COBIT)
• Contribute to Risk Management program by identifying risks, impacts, and compensating controls
• Responsible for leading incident response, conducting tabletop exercises, and ensuring appropriate tools and controls are in place

Experience:

• Demonstrated success in a CISO or equivalent senior security role
• Bachelor's degree in computer science, Information Technology, or related field
• Relevant security certifications such as CISSP, CISM, CISA, and/or other industry-specific certifications.
• Real world experience leading and conducting incident response
• Identifying security risks and developing strategies to mitigate them while balancing business needs within a regulated industry
• Experience collaborating with compliance teams to align security strategies with regulatory requirements and undergo audits successfully (e.g. SOC 2 Type 2)

Skills:

• Implementation of firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, encryption solutions, secure coding practices, and identity and access management (IAM) systems.
• Deep understanding of network protocols, architecture, and segmentation to ensure secure network design and communication. Knowledge of VPNs, secure remote access, and network segmentation techniques.
• Hands on implementation of security information and event management (SIEM) systems for real-time threat detection and response.
• Hands on experience securing services in the cloud(e.g. EKS, RDS, KMS, WAF, etc)
• Excellent interpersonal and communication skills, enabling you to articulate complex security concepts to non-technical stakeholders.
• Proven ability to collaborate cross-functionally with IT, legal, compliance, and executive teams to influence security decisions.