Chief Information Security Officer

This is a remote position open to applicants in the Detroit, MI metro area only.

THE OPPORTUNITY  

The Chief Information Security Officer (CISO) assumes a pivotal role in safeguarding the organization's information systems and data from potential security threats and breaches. With a focus on proactive risk management, the CISO develops, oversees, and coordinates the organization’s cyber and digital risk management program and policies, ensuring alignment with industry standards and regulatory requirements. The CISO is responsible for identifying, evaluating, mitigating, and reporting digital and cyber risks, thereby fostering a culture of proactive risk mitigation within the organization. The CISO will work towards protecting the organization from emerging threats and promote best practices in cybersecurity while maintaining agile development and infrastructure approaches.  

The CISO will collaborate with other departments to stay abreast of the latest cybersecurity trends and emerging threats. The CISO, in coordination with the internal IT department and CTO, will work towards enhancing security measures, promoting best practices, and conducting regular security assessments of vendors and solutions.

THE WORK ITSELF

• Develop and maintain the organization’s digital risk and risk appetite framework and related processes to achieve the organization’s short and long term strategic, technology and cybersecurity goals. This includes a strategic, comprehensive information security program to ensure the security, integrity, confidentiality, privacy, and availability of data.  
• Participate in strategic and long-range planning and the development of project plans, policies and procedures, and budgetary projections with the CTO. Provide regular and consistent reporting on the current status of the information security program to senior management and the board of directors. 

Development and Monitoring:

• Create and maintain a comprehensive set of corporate information security policies and standards in cooperation with Internal IT and the CTO.
• Continuously monitor information security controls, Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and the technical landscape.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders and the CEO on the appropriate course of action. 
• Develop a compliance and audit program with existing stakeholders to ensure the organization is in compliance with applicable cybersecurity laws, standards, frameworks, and regulations, as well as SOC 2/3 requirements. This may include regulations such as GDPR, PCI DSS, as well as industry standards like ISO 27001.
• Implement effective Governance, Risk, and Compliance (GRC) controls and measures to protect systems and data.

Security Threat Assessment and Management:

• Conduct and/or risk assessments to identify and prioritize cyber risks based on potential impact and likelihood of occurrence. This involves analyzing the organization's IT infrastructure, systems, and processes to identify vulnerabilities and threats.
• Develop and implement risk mitigation strategies and controls to reduce the likelihood and impact of cyber threats. 
• Identify, communicate, and manage current and emerging security threats with relevant stakeholders.
• Develop information security compliance frameworks, security policies, and procedures as needed with Internal IT and the CTO.
• Manage security incidents and events to protect corporate IT/financial assets, company clients, including intellectual property, regulated data, and the company’s reputation, which includes RCAs and other retrospective documentation. 

Collaboration and Best Practices:

• Develop and maintain incident response plans to effectively respond to and mitigate cybersecurity incidents. This involves coordinating with internal teams and external stakeholders to contain and remediate security breaches.
• Work with businesses, internal team members, and third-party vendors to promote and adopt security best practices.
• Validate IT infrastructure and reference architectures for security best practices and recommend enhancements.
• Provide regular and consistent security awareness training and education to executive team on the relevant risks and changes in the cyber landscape. 

Audits and Reviews:

• Review monthly penetration tests and make recommendations to the CEO, CTO, and CFO.
• In coordination with the internal IT team, the CISO shall be involved in the management and coordination of audits with stakeholders and third parties. 
• Assess and manage cybersecurity risks associated with third-party vendors and suppliers. This includes evaluating the security posture of vendors and ensuring they meet the organization's security standards annually.
• Provide regular reports and updates to senior management and stakeholders on the organization's cyber risk posture, including identified risks, mitigation efforts, and compliance status.
• Conduct Incident Response Drills that simulate a real-world cybersecurity incident and test the organization's preparedness, response procedures, and coordination among relevant teams and stakeholders.

THE SKILLS YOU BRING

• Strong relationship builder and communicator with experience in vendor relationship management and working with diverse work teams.
• Excellent written and oral communications and cross functional project management skills required.  
• Self-starter who is able to follow projects through to completion with little supervision and meet deadlines in a fast-paced environment.  
• Comprehensive understanding of information security and enterprise risk management. 
• Proficiency in computer programs (e.g. Microsoft Office, Excel, and PowerPoint).
• Individual who brings enthusiasm, a collaborative work style, an inquisitive attitude, flexibility, creativity, a focus on excellence, and an overall “great-to-work-with” demeanor. 

THE PERKS WE OFFER

• Total Rewards: We offer a robust total rewards package including annual bonuses, a 5% contribution to your 401k plan, and a combination of monetary/non-monetary incentives to ensure you feel valued.
• Time Off: Besides our competitive paid time off package, team members receive paid holidays and time off to volunteer for causes that are important to them.
• Benefits: We offer a comprehensive benefits package, including all the necessities such as medical, dental, and vision. Don’t need health insurance? No problem! An opt-out credit will be provided to you for waiving coverage.
• Opportunity for you to make an impact on the people we serve! We’re all about people helping people!

THE COMPANY ITSELF

CUSG is a leading provider of cutting-edge software and services in human resources, marketing, technology, and financial empowerment. Proudly serving thousands of clients across various industries, we focus on collaboration to deliver exceptional experiences and results.