The CISO will play a critical role in redefining and firmly establishing the systems, processes, and procedures to protect and secure 7 assets and ensure compliance, including PCI, HIPAA, etc. The CISO will develop strong relationships with the business, product development, IT, HR, Finance, Cloud and be responsible for all aspects of Enterprise Cybersecurity and Internal Audit. The CISO and VP of Internal Audit will report to the General Counsel.
The Chief Information Security Officer (CISO) will be responsible for all aspects of Enterprise Cybersecurity and will play an integral role in the development of a strategic plan for the protection of 7 all key IP Assets, Employee and Customer data. The CISO will guide the organization and leadership by recommending and prioritizing investments and projects that mitigate overall cybersecurity risks, strengthen defenses and reduce vulnerabilities. The role will also provide a dashboard that monitors 247 at the Geo and Global functional level compliance with the standards established by the CISO and in compliance with Global industry standards. The person will advise senior management and work with Sr. Leaders in the GEOs and Global Functions in the development, implementation, and maintenance of a company-wide information security infrastructure. The CISO will manage a team and budget to ensure systems and process integrity, availability, confidentiality, accountability and assurance in all areas including Network, Systems, Applications (web & internal), Data, Cloud, and Compliance, including adherence to customer requirements.
As the Vice President, Internal Audit (IA), the person will be responsible for innovating internal audit processes and enhancing the IA department’s activities. The person will also be responsible for leading and overseeing all aspects of our internal audit activities that encompass scoping, risk assessment, planning, execution, and reporting that drives results, accountability, and real value. This position will partner with and advise management, including finance, legal, HR, GEO Heads, vendor risk management, and Cloud, on ineffective and missing controls and compliance risks. This function will strive to enable scalable and continuous risk management across 7.
The CISO and VP of Internal Audit will be responsible for:
- Enterprise global cybersecurity strategy and roadmap
- Quarterly Cybersecurity Council meetings
- Global regulatory compliance
- Timely publication of security dashboard, metrics & reports
- Monthly publication of Internal Audit metrics & reports and progress to resolving
- Publication of internal audit report and findings
- Global security training and awareness
- Comprehensive rollout of threat & vulnerability management program
- Review and sign-off information security architectures
- Protection of data and crown jewels
- Responses to one or more RFPs
- Manage customer audits
- Develop a vision and strategy for Enterprise Security and Cyber Risk Management that meets industry standards and Customer requirements
- Develop, implement and monitor strategic and comprehensive enterprise information security programs to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization, through a well-orchestrated audit and inspection approach with thresholds established.
- Facilitate a dashboard with metrics and reporting framework that measures the efficiency and effectiveness of strategies and programs, facilitates appropriate resource allocation, and increases the maturity of global security at the Geo and Global Functional level.
- Create plans and constructs to prioritize security initiatives and spending based on appropriate risk analysis/management and financial analysis considerations
- Develop, maintain and publish up-to-date information security policies, standards and guidelines ensuring 247 is compliant with key industry standards. Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users
- Provide regular reporting and risk mitigation actions (if any) on the current status of the information security program to senior business leaders and the board of directors as needed
- Identify appropriate industry assessments / certifications and champion compliance audits such as HIPAA, GDPR, SOC 2, PCI-DSS, and SOX.
- Lead the security and compliance track for M&A due diligence and integration activities
- Define standards and procedures for implementation and testing of Business continuity and Disaster recovery
- Provide guidance and advocacy regarding prioritization of infrastructure investments that impact security.
- Ensure processes and procedures are defined and followed so that sites and computer systems are up to date relative to all operating systems, patches and virus protection software.
- Create and maintain a roadmap which provides an up-to-date security/information assurance program, architecture, certification and accreditation, operational security, incident management, and security system implementations
- Lead investigation of security breaches with key stakeholders in 247 as well as with key local government agencies, and assist with disciplinary and legal matters associated with such breaches as necessary. Manage security incidents and events to protect corporate assets, consumer and stakeholder information, and the company's reputation
- Engage with outside consultants for independent security audits, as appropriate
- Monitor the external environment for emerging threats, and advise relevant stakeholders on appropriate courses of action
- Work with external agencies, such as law enforcement and other bodies, as necessary, to ensure that the organization maintains a strong security posture
Experience and Education Required
- Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required. MBA is highly desirable
- 5+ years of experience as a Chief Information Security Officer
- 10+ years of executive management experience in IT Security
- Experience with IVR, Chat, Big Data is a strong plus
- Strong career path within Enterprise Security (Network, Systems, Application & Cloud security) and other aspects of IT & Operations at well-recognized organizations.
- Certifications required: CISSP or CISM
- Strong knowledge & prior experience with PCI compliance
- Prior experience in managing Cloud security is a strong plus
- Experience managing security across organizations with global presence.
- Experience managing local and off-shore vendor consulting relationships.
- Proven record of delivering Enterprise Security Programs on time, within budget and at a high standard of quality
7 is redefining the way companies interact with consumers. Using artificial intelligence and machine learning to understand consumer intent, 7’s technology helps companies create a personalized, predictive and effortless customer experience across all channels. The world’s largest and most recognizable brands are using intent-driven engagement from 7 to assist several hundred million visitors annually, through more than 1.5 billion conversations, most of which are automated. The result is an order of magnitude improvement in digital adoption, customer satisfaction, and revenue growth.