Chief Information Security Officer

Company: Origami Risk LLC
Location: Chicago, IL
Posted: April 25, 2024

Description:

Overview:

The Chief Information Security Officer (CISO) ensures the security and integrity of the organization’s information systems and data. Origami Risk’s security program responsibility includes measuring, assessing, reporting, and tracking risks to the organization to support informed risk management decisions by executive leadership. The CISO oversees daily security operations supporting the confidentiality, integrity, and availability of protected information, including but not limited to compliance with standard security frameworks and the required budget for the protection of enterprise information assets. Origami Risk’s Chief Information Security Officer will also be responsible for on-demand client interactions to professionally present the overall technical capabilities of the company and, more importantly, the security apparatus in place to support safe and secure platform interactions at scale.

Responsibilities:

Provides information security leadership and expertise to the organization by recommending and prioritizing information security initiatives, which mitigate risks, strengthen defenses, and reduce vulnerabilities.

Provides active and independent leadership for organizational information security, with clear internal and external communication properly presented based on the audience's technical expertise.

Develops policies, procedures, and prioritization frameworks to support the company in risk management, including risk mitigation and acceptance decision-making.

Maintains risk management documentation, facilitating appropriate periodic review of implied and explicit risk acceptance decisions.

Leads, sustains, and develops colleagues in the Information Security department with accountability for information policy, compliance, standards and controls, policy and risk governance, information and technology risk assessment, client privacy, disaster recovery, cyber-defense, incident response, and identity and access management.

Coordinates the consistent delivery of security audits, vulnerability assessments, and penetration tests.

Oversees compliance team to manage ongoing completion of client questionnaires, security assessments, and audits.

Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the security program.

Leads programs and processes to monitor the emergence of new threats and vulnerabilities, assessing impacts and facilitating executive leadership risk management decisions.

Reviews investigations after incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.

Creates and manages a scalable review program for third-party vendors and contracts to ensure appropriate controls are in place and working effectively. This includes both initial review and periodic ongoing re-certifications.

Leads and facilitates information security governance topics, status, and advice, including actively involving and leading committees.

Serves as the corporate focal point for security incident response planning, execution, and awareness.

Appropriately prioritizes and executes plans within approved budgeted resources and periodically provides briefs to the executive team on data privacy risks to the business, facilitating the potential for continued budgetary investment evaluation with clear action plans, costs, deliverables, and timelines.

Liaises with external agencies, such as regulators, industry groups, law enforcement, and others as necessary.

Understands current and proposed legal and regulatory data privacy requirements that apply to the organization or its customers, such as GDPR, CCPA, TCPA, the NYDFS cybersecurity regulation, HIPAA security rules, and state notification laws.

Represents Origami Risk, provides thought leadership in industry and cybersecurity forums, and participates in relevant seminars, forums, and committees.

Researches and identifies key outside security partners to augment and support overall security programs at Origami to expand the internal security skill sets and capabilities.

Aligns with internal Learning and Enablement teams to develop and routinely evaluate internal security awareness and training protocols to create a culture of security awareness and preparedness.

Qualifications:

Bachelor's degree in Information Security, Cybersecurity, or related field (Master's degree preferred)

At least 12 years of experience in information security and information technology, including CISSP, CISM, and CRISC certifications.

Sound judgment and ability to effectively balance information risk controls with business productivity and growth.

Ability to communicate technical information, including current and emerging digital security trends and directions, to non-technical and diverse audiences, including senior management.

Broad knowledge of current and emerging information technology industry trends and directions, including shared information security management frameworks, regulations, and standards, such as NIST 800-53 & CSF, FIPS, HIPAA, HITRUST, ISO/IEC 27001, ITIL, CSA CAIQ, and COBIT.

Experience in project delivery methodologies and processes (e.g., Agile, DevOps).

Excellent communication and interpersonal skills to build relationships with clients and internal teams.

Who We Are:

Origami Risk provides integrated SaaS solutions to organizations across the risk and insurance ecosystem — from insured corporate and public entities to brokers and risk consultants, insurers, third party claims administrators (TPAs), and risk pools. We deliver our risk management and insurance core system solutions from a cloud-based platform that is highly configurable, completely scalable, and accessible via web browser and mobile app.

Dais Technology, a subsidiary of Origami Risk, provides a no-code platform that revolutionizes insurance product creation for MGAs, insurers, and reinsurers. Dais’ event-based architecture enables AI-driven bundling, automation, and real-time deployment.

Solutions from Origami Risk and Dais Technology are backed by a best-in-class service team of experienced risk and insurance professionals who possess a balance of industry knowledge and technological expertise. A singular focus on helping clients achieve their business objectives underlies our approach to developing, implementing, and supporting our risk management, safety, compliance, and insurance core system technology solutions.

Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.

Permanent
