Associate Chief Information Security Officer

Information Systems, United States


Description

Cronos is an innovative global cannabinoid company committed to building disruptive intellectual property by advancing cannabis research, technology, and product development. With a passion to responsibly elevate the consumer experience, Cronos is building an iconic brand portfolio. Cronos’ diverse international brand portfolio includes Spinach®, PEACE NATURALS® and Lord Jones®. For more information about Cronos and its brands, please visit: https://thecronosgroup.com/
 
At Cronos Group, we hire talented people who thrive on solving difficult problems and give them the opportunity to hone new skills and approaches. If you want to play a part in shaping an innovative industry and help build a historically significant company, we want to meet you.

The Associate Chief Information Security Officer is responsible for supporting the Head of Global Information Systems in overseeing the day-to-day Information and Cybersecurity program, including security operations. The Associate Chief Information Security Officer will report to the Head of Global Information Systems and manage the day-to-day operations of the Information Security function at Cronos. The individual in this position will work with the Head of Global IS to successfully develop, implement, and maintain the functions of the Information & Cybersecurity Program, and serve as a member of the incident response team. The Associate CISO will, together with the Head of Global IS, be responsible for the implementation of policies, procedures and strategies that protect the organization’s information assets from cyber threats. The ideal candidate must have a deep knowledge of essential security practices and experience managing and developing teams. This is a hands-on role where monitoring security controls and developing and improving security strategies will be some of the key responsibilities. The ability to communicate effectively across the business and technology at all levels in the organization is required. The Associate CISO may have leadership responsibilities over specific teams or areas within the Cybersecurity functions, such as incident response and vulnerability management. The Associate CISO may also manage relationships with external partners such as the organization’s managed security service provider (MSSP). The ideal candidate is energetic, collaborative, and forward-thinking.

This role is currently remote. 

What you’ll be doing:

  • Manage and lead cybersecurity deliverables in collaboration with the Head of Global IS, for:
    • Security policy development and maintenance
    • Selection and implementation of appropriate technology solutions
    • Day-to-day operation and monitoring of security controls
    • Design and implement a robust application security program
    • Improve and develop new process designs and technology platform strategies
    • Partner with stakeholders when onboarding solutions to ensure adequate controls are available and enabled
    • Direct/conduct ongoing risk assessments; drive remediation and reporting of vulnerabilities
    • Manage relationships with internal and external partners and stakeholders
    • Serve as the Incident Commander responsible for leading and coordinating the response to all incidents where appropriate
  • Develop training plans and mentorship opportunities to promote internal capabilities
  • Monitor threat landscape for emerging threats and advise stakeholders on appropriate courses of action
  • Lead partnership with external Managed Security Service Provider
  • Assess and manage cybersecurity risk and maintain compliance with applicable regulatory requirements
  • Implement a continuous monitoring strategy to identify and respond to changes to the company's risk posture and communicate to control owners
  • Grow and evolve the cloud security program to incorporate best practices across multiple environments
  • Influence the adoption of secure design patterns with a mission to embed security into the fabric of the company through an agile software development process.
  • Engage with regulators to understand the company's security program, and assist with due diligence responses
  • Adopt a security advisory mindset, providing subject matter expertise to the firm's internal stakeholders; advise and execute on the Company's security strategy
  • Lead data protection initiatives to ensure the confidentiality, integrity, and availability of company and customer information

You’ll need to have:

  • Bachelor’s Degree in Computer Science, Information Systems, or a related field. A relevant certification such as CISSP, CISM, or CRISC is also preferred.
  • 10+ years of experience in information security, cybersecurity, or a related field, with at least 4 years in a senior leadership role directly supervising staff
  • Advanced knowledge of essential security practices, such as vulnerability and patch management, incident response, and endpoint protection
  • Familiarity with industry frameworks such as NIST CSF, ISO 27001, SOC 2 Type II, etc.
  • Strong technical foundation, including security architecture, threat modeling, vulnerability assessments, and cloud security
  • Experience with risk assessment and incident response is also important

Professional Skills Qualifications

  • Strong communication skills: This role must communicate with various stakeholders including business leaders, clients, team members, engineers, regulators, and legal counsel
  • Strategic problem-solving and decision-making abilities
  • Strong leadership and interpersonal skills in leading and managing an external team of security professionals

Desired Qualifications

  • Previous experience working in the manufacturing industry
  • CISSP, CISM or CRISC

We are committed to fostering a diverse and inclusive work environment, and we welcome and encourage applications from people with disabilities and people with diverse backgrounds, identities, and cultures. For candidates with disabilities, accommodations are available upon request in all phases of the selection process.
