Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is the main responsible role for the information security at VSHN.

Duties

Own (be responsible for)
  • Be strategically and tactically responsible for information security at VSHN in accordance with the North Star Goals.

  • Be responsible for maintaining and monitoring the ISMS.

  • Be the go-to person for customers’ questions about information security.

Define
  • Policies regarding information security.

  • Processes to identify and mitigate information security threats.

Plan
Coordinate
  • Reporting of the state of information security to the Board.

  • Tickets regarding information security with all teams.

  • Handling of information security incidents and threats.

Control
  • All processes in the ISMS (for example, information security process).

  • The company’s risk management system.

Out of Scope

A CISO isn’t:

  • Necessarily the role that works on the technical implementation of security measures.

  • The legal and compliance department of the company.

  • Part of the management team.

Requirements

The role is appointed by Management and reports to the Board. The CISO should have:

  • A degree or apprenticeship in computer science.

    • Alternatively, equivalent professional experience.

  • Knowledge in ISO 27001/27002 standards.

  • Experience in the development and operation of the IT systems to be certified.

  • Experience in risk assessment and risk management.

Missing competences or experience can be provided by an external consultant.