CISO (Chief Information Security Officer)
About the Position
The CISO is a critical role for Energy Exemplar, protecting and safeguarding the organization's digital assets and its employee and customer data in today's evolving threat landscape. The CISO will manage cybersecurity threats, respond to incidents, address regulatory requirements and technological advancements, and contribute to EE's overall strategic objectives and resilience. Cyber is one of the top operational risks for Energy Exemplar: headcount has grown rapidly, and the SaaS and product offering has expanded both organically and through acquisitions. This role ensures that Energy Exemplar has the appropriate leadership, with the proven skillsets, expertise, and experience needed to manage those risks across the organization.
Key Stakeholder Relationships
This position works closely and collaboratively with all Energy Exemplar staff, but in particular:
- Product Engineering, DevOps, and the Information Technology team
- Legal, Finance, Sales, and the Global Leadership Team
Key Accountabilities and Duties
- Leadership and Strategy: Develop and implement a comprehensive information security strategy aligned with the company's business objectives. Lead the Information Security team, providing guidance, mentorship, and support to ensure the team's success.
- Application Security: Oversee and enhance Energy Exemplar's product security program, ensuring secure software development practices are integrated throughout the SDLC.
- Certifications: Lead the audit process for SOC 2, ISO 27001 and similar certifications, including those expected by regulatory bodies in the industry sectors in which EE's products are sold.
- Incident Response / Management: Lead efforts in detecting, responding to, and recovering from security incidents, including having the technical aptitude to understand and own the incident (and all comms) and follow-up remediation and prioritization.
- Risk Assessment: Continuously evaluate cybersecurity risks and enforce measures / controls to mitigate them.
- Compliance: Ensure compliance with relevant security regulations and standards, and be able to present to regulators in the event of an issue or inquiry.
- Security Awareness: Promote a culture of security awareness and best practices among employees.
- Manage Security Technologies: Oversee the adoption and management of effective security tools and practices.
- Customer Engagement: Engage directly with customers' technology and cyber leadership, including the most seasoned among them, to demonstrate how cyber risk is managed exceptionally at Energy Exemplar.
- Vendor / Third-Party Risk Management: Assess and manage the security implications of third-party partnerships.
- Budgeting: Manage and allocate resources efficiently to support the company's security initiatives.
- Executive Reporting: Communicate the status and needs of the security program to senior management and stakeholders, and clearly articulate and define the trade-offs on specific cyber risks.
Candidate Requirements
Skills, Knowledge and Experience:
- A breadth of hands-on and senior leadership experience in security, engineering, or DevSecOps management.
- In-depth understanding of security technologies such as intrusion detection, content filtering, threat patterns, security architecture, application architecture, and compliance criteria.
- Thorough understanding of SDLC and Application Security Policies, Design and Documentation.
- Experience with enforcing secure coding practices, threat modeling, identity and access management, and security incident response and recovery.
- Deep knowledge of cloud security, network security, data protection, and security in a software development environment.
- Thorough understanding of Risk Management principles (Risk Register and Cyber risks).
- Fundamental understanding of Incident Management and Security and Cloud Operations.
- Experience with ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies.
- Experience securing and navigating cloud platforms, such as Azure and AWS platforms.
- Knowledge of security technologies (IDS, SIEM) and cloud security monitoring technologies, with the desire to remain technically hands-on while also operating at a strategic level.
- Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC 2, NIST, and the ISO 27000 series).
- In-depth understanding of data protection laws and regulations, including GDPR and other legislation relevant to the regional jurisdictions in which EE operates.
- Deep expertise across security, privacy, audit, and legal security standards, guidelines, and principles within a large, highly distributed, complex global organization.
- Able to partner effectively with cross-functional teams including Product Engineering, Cloud Operations, IT, Finance, Legal and HR to coordinate activities and accomplish goals.
- Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Track record of building, growing, and maintaining high-performing security teams (US and India), driving transformation in a growth environment.
Qualifications:
- Bachelor's degree required, in Computer Science, Engineering or a related technical field.
- 10+ years of experience in information security, with 5+ years in a leadership role.
- Proven experience in application security, including secure coding practices, cloud operations, and vulnerability management.
- In-depth knowledge of application security frameworks and best practices.
- Proficiency with security tools such as static and dynamic analysis tools, vulnerability scanners, and penetration-testing tooling.
- Hands-on experience with secure software development methodologies and DevSecOps practices.
- Certifications (CISSP, CISA, CISM, CEH, OSCP or GSEC) preferred.