Under the direction of the CIO, the Chief Information Security Officer (CISO) is responsible for the development and delivery of a comprehensive security and privacy program for Frontline Technologies. The scope of this program is company-wide, and includes information in electronic, print and other formats. The purposes of this program include: to assure that information acquired, created or maintained by Frontline is used in accordance with its intended purpose; to protect Frontline and Frontline client information and its infrastructure from external and internal threats; and to assure that Frontline complies with statutory and regulatory requirements regarding information access, security and privacy.
The scope of this position includes all SaaS and corporate related operations, infrastructure and data.
Position Duties, Responsibilities and Competencies:
Coordinate the development of Frontline information security polices, standards and procedures. Work with key internal departments in the development of such policies. Ensure that company policies and practices support compliance with external requirements. Oversee the implementation of policies, standards and procedures across all of the Frontline departments and locations.
Education and Training
Coordinate the development and delivery of an education and training program on information security and privacy matters for Frontline employees.
Compliance, Enforcement and Official Company Contact
Act as the CIO's designee representing Frontline on Information Security matters; serve as the company contact for external auditors and agencies on security and privacy matters.
Serve as the company compliance officer with respect to company, state and federal information security policies and applicable regulations including FERPA, FIPS and COPPA frameworks.
Develop and maintain an Incident Reporting and Response System to address company security incidents (breaches), respond to alleged policy violations or complaints from external clients. Serve as the official company contact point for information security and privacy incidents, including relationships with external law enforcement agencies.
Risk Assessment and Incident Prevention
Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation and oversee vulnerability testing.
Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities important to Frontline Technologies and its mission.
· The emphasis on this position is in policy development, program administration and compliance.
· A high degree of technical proficiency is required for successful fulfillment of this role.
Additional expertise will be provided in support of this position from other departments such as development and operations.
· Minimum of 10 years of experience in information security, information technology or related field. Working knowledge in the policy and regulatory environment of information security, especially in the education and SaaS domains are desired.
· Excellent project management, written and oral communications skills desired.
· A demonstrated ability to collaborate is mandated.
Education:Bachelor's degree is required, advanced degreepreferred