Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is the role primarily responsible for information security at VSHN.

Duties

Own (be responsible for)
  • Overall responsibility for information security and the Information Security Management System (ISMS).

Be
  • Strategically and tactically responsible for information security at VSHN.

  • Responsible for maintaining and monitoring the ISMS.

  • The go-to person for customers’ questions about information security.

Define
  • Policies regarding information security.

  • Processes to identify and mitigate information security threats.

Plan
  • Awareness training and general ISMS education sessions.

  • Audits regarding the ISO 27001 certification.

  • Audits regarding the ISAE 3402 report.

  • Weekly ISMS meetings.

Coordinate
  • Reporting of the state of information security to the management.

  • Tickets regarding information security with all squads.

  • Handling of information security incidents and threats.

Control
  • All processes in the ISMS (for example, the information security process).

  • The company’s risk management system.

Out of Scope

A CISO isn’t:

  • Necessarily the role that works on the technical implementation of security measures.

  • The legal and compliance department of the company.

  • Part of the management team.

Requirements

The role is appointed by management. The CISO should have:

  • A degree or apprenticeship in computer science.

    • Alternatively, equivalent professional experience.

  • Knowledge of the ISO 27001/27002 standards.

  • Experience in the development and operation of the IT systems to be certified.

  • Experience in risk assessment and risk management.

Missing competences or experience can be provided by an external consultant.