Chief Information Security Officer - CISO (San Francisco Bay Area)

Energy Exemplar
California (Remote)
Full-time

About the Position

The CISO is a critical role for Energy Exemplar, protecting and safeguarding the organization’s digital assets and employee and customer data in today’s evolving threat landscape.

The CISO will handle cybersecurity threats, incident response, regulatory requirements, and technological advancements while contributing to EE’s overall strategic objectives and resilience.

Cyber is one of the top operational risks for Energy Exemplar, as we have had rapid growth in our headcount and have expanded our SaaS and product offerings organically and through acquisitions.

This role will ensure that Energy Exemplar has the appropriate leadership, with known skillsets, expertise, and experience, to manage those risks across the organization.

Key Stakeholder Relationships

This position works closely and collaboratively with all Energy Exemplar staff, but in particular:

  • Product Engineering, DevOps, Information Technology Team
  • Legal, Finance, Sales and Global Leadership Team

Key Accountabilities and Duties

Key Accountabilities

  • Leadership and Strategy: Develop and implement a comprehensive information security strategy aligned with the company’s business objectives. Lead the Information Security team, providing guidance, mentorship, and support to ensure the team’s success.
  • Application Security: Oversee and enhance Energy Exemplar’s product security program, ensuring secure software development practices are integrated throughout the SDLC.
  • Certifications: Successfully lead the audit process for SOC2, ISO 27001 and similar certifications for regulatory boards in the industry sectors where EE’s products are sold.
  • Incident Response / Management: Lead efforts in detecting, responding to, and recovering from security incidents, including having the technical aptitude to understand and own the incident (and all comms) and follow-up remediation and prioritization.
  • Risk Assessment: Continuously evaluate cybersecurity risks and enforce measures / controls to mitigate them.
  • Compliance: Ensure compliance with relevant security regulations and standards, and be able to present to regulators in case of an issue or any inquiries.
  • Security Awareness: Promote a culture of security awareness and best practices among employees.
  • Manage Security Technologies: Oversee the adoption and management of effective security tools and practices.
  • Customer Engagement: Any of your most seasoned customer’s tech and cyber leadership on why cyber is managed exceptionally
  • Vendor / 3rd Party Risk Management: Assess and manage the security implications of third-party partnerships.
  • Budgeting: Manage and allocate resources efficiently to support the company’s security initiatives.
  • Executive Reporting: Communicate the status and needs of the security program to senior management and stakeholders, and be able to clearly articulate and define the trade-offs on specific cyber risks.

Candidate Requirements

Skills, Knowledge and Experience:

  • A breadth of hands-on and senior leadership experience in security, engineering, or DevSecOps management.
  • In-depth understanding of security technologies such as intrusion detection, content filtering, threat patterns, security architecture, application architecture, and compliance criteria.
  • Thorough understanding of SDLC and Application Security Policies, Design and Documentation.
  • Experience with enforcing secure coding practices, threat modeling, identity and access management, and security incident response and recovery.
  • Deep knowledge of cloud security, network security, data protection, and security in a software development environment.
  • Thorough understanding of Risk Management principles (Risk Register and Cyber risks).
  • Fundamental understanding of Incident Management and Security and Cloud Operations.
  • Experience with ethical hacking, computer forensics, information assurance, and intrusion detection and prevention methodologies.
  • Experience securing and navigating cloud platforms, such as Azure and AWS platforms.
  • Knowledge of security technologies (IDS, SIEM), cloud security monitoring technologies and the desire to remain technically hands-on, but also operate on a strategic level.
  • Deep knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, ISO270xx).
  • In-depth understanding of data protection laws and regulations, including GDPR and other relevant legislation in regional jurisdictions.
  • Deep expertise across security, privacy, audits, and legal security standards, guidelines, and principles within a large, highly distributed, complex global organization.
  • Able to effectively partner with cross-functional teams including Product Engineering, Cloud Operations, IT, Finance, Legal and HR to coordinate activities and accomplish goals.
  • Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Track record of building, growing, and maintaining high-performing security teams (US and India), driving transformation in a growth environment.

Qualifications:

  • Bachelor's Degree required in Computer Science, Engineering or technical field.
  • Minimum of 10+ years of experience in information security, with 5+ years in a leadership role.
  • Proven experience in application security, including secure coding practices, cloud operations, and vulnerability management.
  • In-depth knowledge of application security frameworks and best practices.
  • Proficiency with security tools such as static and dynamic analysis tools, vulnerability scanners, and pen testing.
  • Hands-on experience with secure software development methodologies and DevSecOps practices.
  • Certifications (CISSP, CISA, CISM, CEH, OSCP or GSEC) preferred.