Chief Information Security Officer


Job Description

The CISO reports to the Chief Information Officer (CIO) within the Enterprise Transformation (ET) internal client service function. ET is responsible for the secure and reliable delivery and operation of technology and information assets and for making technology and information an enabler of effective and efficient operations, revenue growth, client service delivery excellence, and quality.  

The CISO is the senior-level executive within ET who is responsible for establishing and maintaining the enterprise vision, comprehensive information security strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs a team that is responsible for identifying, developing, implementing, and maintaining processes, practices and tools that reduce information and technology risks across the enterprise. The CISO leads efforts to prevent and respond to security incidents, establishes appropriate standards and controls, manages security technologies, and implements security policies and procedures.

The CISO is also responsible for achieving and retaining ISO 27001 and 27017 certifications for the firm and for governing the firm's managed security service provider. The CISO is an advocate for the company's information security needs and advises senior leadership on security resource investments. The complexity of this position requires a leadership approach that is engaging, imaginative, grounded by technical acumen, and collaborative, with a sophisticated ability to work with other leaders and balance security strategies and interests with other firm priorities.


  • Provide strategic leadership of the company information security program
  • Provide security guidance and counsel to key members of the company leadership team
  • Oversee the formation and operation of ET's information security organization
  • Promote collaborative, effective security working relationships across the company
  • Establish the security program and its priorities and manage security governance processes
  • Lead security planning processes to establish a comprehensive security program
  • Communicate the value of security to build consensus among firm leaders
  • Establish annual and long-range security and compliance goals
  • Define security strategies, metrics, reporting mechanisms and program services
  • Develop and execute a continual security program improvement roadmap
  • Communicate policies, procedures, and guidelines necessary to implement processes for access control, monitoring, and vulnerability management
  • Manage relationships with third-party providers of service delivery and security monitoring, including their handling of client privacy preferences and personally identifiable information
  • Apply risk management methods to identify, assess and treat IT risk
  • Implement standards, governance and security policies that reduce vulnerability
  • Remain informed about information security issues and regulatory changes
  • Pursue professional development to continually improve professional security skills
  • Implement professional development plans for all members of the ET security team
  • Protect the integrity, availability, authenticity, non-repudiation and confidentiality of data
  • Use experience in technology, operations and management to deliver value
  • Develop and implement policies and practices that secure protected and sensitive data
  • Ensure information security and compliance with relevant legislation
  • Assess and make recommendations regarding the adequacy of security controls
  • Work with internal auditors and outside advisors on required security assessments
  • Build security and compliance programs that effectively address regulatory requirements
  • Work closely with IT leaders, technical experts, and administrative leaders across the firm
  • Create security awareness programs and advise on security issues and best practices
  • Lead security workstreams during significant information security incidents
  • Manage the people, processes and technologies that provide situational security awareness through the detection, containment, and remediation of IT threats
  • Identify risk areas and recommend solutions that reduce risk to an acceptable level
  • Develop, implement and administer technical security standards
  • Deliver a suite of security services and tools to address and mitigate security risk
  • Develop the overall strategy, tactics, plan and execution of IT security services
  • Direct and respond to security audits and vulnerability assessments
  • Manage ongoing analysis of security exposures and assess program effectiveness
  • Lead efforts to evaluate information security risks and monitor compliance with standards
  • Examine new technologies and their impact on information security
  • Perform special projects and other duties as assigned
  • Ensure effective identity and access management controls are deployed and used
  • Support and guide disaster recovery planning and testing
  • Monitor the internal state of security and work to continually improve it


Job Requirements

  • 10 years' experience in Information Security, preferably in a professional services environment
  • Self-starter with the ability and confidence to develop and implement their own projects and workload
  • Strong written and interpersonal skills
  • Good organizational and time management skills and an ability to manage multiple projects


  • Previous experience working within a national or global professional services environment and with Tax, Audit and Advisory stakeholders