We’re ONE team that is driven by our vision to unleash the power of human collaboration by delivering innovative, world-class solutions to our customers. We work smart, with a collaborative state of mind that drives our strategy and helps us achieve our common goals.
Polycom’s innovative spirit begins with our people. We empower your personal and professional growth and we strive to give you everything you need to achieve your highest level of excellence. With your help, we’ll accomplish great things.
The Chief Information Security Officer (CISO) is a critical role not only for the Information Technology Department, but for all of Polycom. As such, the position reports directly to Polycom’s Chief Information Officer (CIO) as a key member of senior IT staff. In addition to leading all corporate information security efforts, the CISO leads security for all Polycom products and services. Therefore, the position also reports in a matrixed fashion to the Executive VP of Engineering.
The CISO is responsible for driving an enterprise-wide information security management program to ensure that the information assets of Polycom, its customers and partners are adequately protected. The CISO will proactively work with business units to implement practices, design and manufacture products and deliver services that meet defined policies and standards for information security. S/he will serve as process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with Polycom’s information security policies.
Specific responsibilities include:
- Work closely with the IT Governance & Strategy function to manage a hierarchical governance program, including co-chairing a cross-functional information security review board for enterprise security risk strategy and operations.
- Set information security policies, standards and guidelines for sharing information on internal or external platforms, the product delivery process and the delivery of cloud-based and other services to customers. Oversee the approval, training, and dissemination of security policies and practices, as well as information security awareness and training programs for all employees, contractors and approved system users.
- Manage all third-party product security certifications worldwide, as well as all in-house security assessments, audits and remediation.
- As Polycom’s representative to customers and partners in matters related to information security, understand the “voice of the customer” (both internal and external).
- Direct all information security staff, operations, certifications (product, service and process) and security incident response for Polycom. As such, serve as owner of policy, procedure, preparations and readiness to address issues and incidents that occur in these areas.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company’s reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
- Develop and manage information security budgets, and closely monitor actual performance for variances and corrective actions.
- Provide regular reporting on the current status of the information security program to teams, senior business leaders and the Board of Directors as required.
- Provide strategic security risk guidance for IT projects, including the evaluation and recommendation of technical controls. Consult with product development and service delivery teams on information security matters.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
- Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, its resource allocation and its ongoing maturation.
- Perform related duties and fulfill responsibilities as required.
- 10+ years of experience in a combination of risk management, information security and IT jobs. At least four must be in a senior leadership role. Employment history must demonstrate increasing levels of responsibility and a proven record of staff development.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences including executives and business stakeholders.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Must be a critical thinker with strong problem-solving skills.
- Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX) and Payment Card Industry/Data Security Standard (PCI/DSS).
- Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
Highlights of our benefits include: Benefits effective on date of hire; competitive time off with accrual beginning immediately; 12 paid holidays including flexible holidays; 401k with company match; tuition reimbursement.
Polycom embraces diversity and is an Affirmative Action/Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, religion, color, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally-protected basis. Polycom participates in E-Verify.