Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is the main responsible role for the information security at VSHN.
Duties
- Own (be responsible for)
-
-
Develop and enhance VSHN’s Information Security Management System (ISMS).
-
- Be
-
-
Strategically and tactically responsible for the information security in VSHN.
-
Responsible for maintaining and monitoring the ISMS.
-
The go-to person for customer’s questions about information security.
-
- Define
-
-
Policies regarding information security.
-
Processes to identify and mitigate information security threats.
-
- Plan
-
-
Awareness training, and general ISMS education sessions.
-
Audits regarding the ISO 27001 certification.
-
Audits regarding the ISAE 3402 report.
-
Regular meetings for Information Security Management Work Group.
-
- Coordinate
-
-
Reporting of the state of information security to the Board.
-
Tickets regarding information security with all teams.
-
Handling of information security incidents and threats.
-
- Control
-
-
All processes in the ISMS (for example, information security process).
-
The company’s risk management system.
-
Out of Scope
A CISO isn’t:
-
The role necessarily working on the technical implementations of security measures.
-
The legal and compliance department of the company.
-
Part of the Management Work Group.
Requirements
The role is appointed by Management and reporting to the Board. The CISO should have:
-
A degree or apprenticeship in computer science.
-
Alternatively, equivalent professional experience.
-
-
Knowledge in ISO 27001/27002 standards.
-
Experience in the development and operation of the IT systems to be certified.
-
Experience in risk assessment and risk management.
| Missing competences or experience can be provided by an external consultant. |