CISO (Chief Information & Security Officer)

About the Position  

CISO is a critical role for Energy Exemplar to protect and safeguard organization’s digital assets, employee and customer data in today’s evolving threat landscape. The CISO will handle cybersecurity threats, respond to incidents, regulatory requirements, and technological advancements while contributing to EE’s overall strategic objectives and resilience. Cyber is one of the top operational risks for Energy Exemplar as we have had a rapid growth in our head count, and expanded our SaaS and Product offering organically and through acquisitions.  This role will ensure that Energy Exemplar will have the appropriate leadership with known skillsets, expertise, and experience to manage those risks across the organization  

 

Key Stakeholder Relationships  

This position works closely and collaboratively with all Energy Exemplar staff but in particular:  

• Product Engineering, DevOps, Information Technology Team  

• Legal, Finance, Sales and Global Leadership Team  

Key Accountabilities and Duties  

• Leadership and Strategy: Develop and implement a comprehensive information security strategy aligned with the company’s business objectives. Lead the Information Security team, providing guidance, mentorship, and support to ensure the team’s success.   

• Application Security: Oversee and enhance Energy Exemplar’s product security program, ensuring secure software development practices are integrated throughout the SDLC.   

• Certifications: Successfully lead Audit process for SOC2, ISO 27001 and similar certifications for regulatory boards for industry sectors that EE’s products are sold.  

• Incident Response / Management: Lead efforts in detecting, responding to, and recovering from security incidents, including having the technical aptitude to understand and own the incident (and all comms) and follow-up remediation and prioritization.  

• Risk Assessment: Continuously evaluate cybersecurity risks and enforce measures / controls to mitigate them.  

• Compliance: Ensure compliance with relevant security regulations and standards, and be able to present to regulators in case of an issue or any inquiries  

• Security Awareness: Promote a culture of security awareness and best practices among employees.  

• Manage Security Technologies: Oversee the adoption and management of effective security tools and practices.  

• Customer Engagement: Any of your most seasoned customer’s tech and cyber leadership on why cyber is managed exceptionally  

• Vendor / 3rd Party Risk Management: Assess and manage the security implications of third-party partnerships.  

• Budgeting: Manage and allocate resources efficiently to support the company’s security initiatives.  

• Executive Reporting: Communicate the status and needs of the security program to senior management and stakeholders, and be able to clearly articulate and define the trade-offs on specific cyber risks  

  

Candidate Requirements  

  

Skills, Knowledge and Experience:  

• A breadth of hands-on and senior leadership experience in security, engineering, or DevSecOps management.  

• In-depth understanding of security technologies such as intrusion detection, content filtering, threat patterns, security architecture, application architecture, and compliance criteria.  

• Thorough understanding of SDLC and Application Security Policies, Design and Documentation.  

• Experience with enforcing secure coding practices, threat modeling, identity and access management, and security incident response and recovery.   

• Deep knowledge of cloud security, network security, data protection, and security in a software development environment.   

• Thorough understanding of Risk Management principles (Risk Register and Cyber risks).  

• Fundamental understanding of Incident Management and Security and Cloud Operations.  

• Experience with ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies  

• Experience securing and navigating cloud platforms, such as Azure and AWS platforms.