Job Description: CHIEF INFORMATION SECURITY OFFICER (CISO)
PURPOSE OF THE JOB
The CISO provides the strategic vision for cybersecurity: implementing programs to protect information assets, defining processes to limit the risks that come with adopting digital technologies, providing an “external” view of the business processes that affect information security, and keeping Guess’s cybersecurity plans visible to management and institutions.
In this role, the CISO is accountable for plans, milestones, policies, and procedures. The CISO shares drafts and work in progress with all stakeholders in the corporate organization (IT, infrastructure, internal security, legal, compliance, etc.) to confirm that they are feasible and concrete within the Company’s reality, and that they have been correctly assessed.
CORE JOB RESPONSIBILITIES
The main objective is to standardize, develop, maintain and assess the business processes that affect cybersecurity, and to provide guidance in collaboration with the corporate functions involved, in order to:
- Define proper security governance: the policies, procedures, and systems by which the organization manages and controls cybersecurity activities
- Maintain and develop the cybersecurity governance structure
- Define with the stakeholders, and implement, a 36-month cybersecurity roadmap with quarterly milestones
- Report to management on the status, plans, and investments related to the roadmap mentioned above
- Manage relations with institutions on data and information security issues, providing support in the preparation of meetings, deliverables, etc.
REQUIREMENTS
- Education: Bachelor’s Degree
- Experience Level:
- 8+ years working in a complex IT security environment with Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) security appliances, problem diagnosis, and security optimization in a large enterprise.
- Familiarity with the Payment Card Industry Data Security Standard (PCI DSS) and IT General Controls (ITGC).
- Familiarity with the general IT controls required under SOX.
- Required Certifications:
- Bachelor’s Degree in Computer Science, Information Technology, Engineering or a related discipline.
- A certification in the Information Security field is a must.
- Relevant industry certifications in the security and technical fields:
- Mandatory: CISSP (Certified Information Systems Security Professional)
- Nice to have: CISM, CRISC, CGEIT, or one of the following:
- GPEN (GIAC Penetration Tester): SANS Institute certification covering the knowledge and methodologies needed to carry out vulnerability assessments and penetration tests
- OSCE (Offensive Security Certified Expert): OSCE certified personnel are able to identify vulnerabilities and misconfigurations that are difficult to find in various operating systems and to carry out organized attacks in a controlled and targeted manner. The demanding forty-eight-hour exam also demonstrates that an OSCE has an above-average degree of persistence and determination
- OSWP (Offensive Security Wireless Professional): OSWP certified personnel are able to identify existing vulnerabilities in 802.11 networks and carry out organized attacks in a controlled and targeted manner. An OSWP can bypass various security restrictions implemented on wireless networks and retrieve the encryption keys in use
- CHFI (Computer Hacking Forensic Investigator): this certification enables forensic analysts to detect hacking attacks, extract evidence correctly in order to report the crime, and conduct audits to prevent future attacks.
- CEH (Certified Ethical Hacker): a Certified Ethical Hacker is an experienced professional who understands and knows how to spot the weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker but in a lawful and legitimate way to assess the security posture of a target system.
- Palo Alto Networks ACE (Accredited Configuration Engineer): certifies the ability to configure Palo Alto Networks firewalls using PAN-OS
- CCIE (Cisco Certified Internetwork Expert): certifies the highest level of competence in the networking field to design, operate and troubleshoot complex network infrastructures
- CCDE (Cisco Certified Design Expert): prepares network engineers to develop design solutions for large-scale networks
- CCNA (Cisco Certified Network Associate): certifies the skills of a networking specialist able to install, configure and manage local and wide area networks
- Other Knowledge or Skills:
- Security technology including firewall, intrusion prevention, web filtering, log monitoring, and data loss prevention.
- Security concepts including network segmentation, demilitarized zones, tiered architecture, and encryption.
- Ability to work independently without close supervision.
- Must be a critical thinker with the ability to come up with original and/or creative security ideas.
- Strong relationship management skills to work with and consult users.
- Strong verbal and written communication skills.
- Strong ability to interpret the impact of security choices.
- Strong work ethic; self-motivated to get the job done.
- Sense of ownership and pride in their performance and its impact on the company’s success.
- Good knowledge of written and spoken English is mandatory. Any other European language is considered a plus.
If you think you fit the position, please contact us by filling in the following contact form: