Interim Chief Information Security Officer

Overview

The Interim CISO will provide immediate, strategic and operational security leadership on a fixed-term basis. The primary mandate is to conduct a rapid, high-impact review and uplift of critical security governance functions, focusing specifically on asset management, third-party assurance, and incident preparedness.

 

Key Responsibilities and Deliverables:

The successful candidate will be a hands-on leader responsible for the following key reviews:

 

1. Group Information Asset Register (IAR) Review

 

  • Audit and Validate the current IAR structure, completeness, and accuracy of Confidentiality, Integrity, and Availability (CIA) classifications.
  • Establish a repeatable, documented process for the continuous identification, registration, and risk-linkage of all high-value information assets.

 

2. 3rd Party Assurance Process Uplift

  • Assess and Refine the entire Third-Party Risk Management (TPRM) lifecycle, identifying gaps in vendor security due diligence and ongoing monitoring.
  • Define a tiered, risk-based methodology for assurance reviews, ensuring the rigor of the review matches the vendor's inherent risk to the organization.

 

3. Incident Response and Recovery Plan (IRRP) Validation

  • Critically Review the current IRRP for clarity, compliance, and integration with broader Business Continuity (BC) plans.
  • Coordinate and Lead scenario-based tabletop exercises with executive and functional teams to test the plan's effectiveness and team readiness.
  • Deliver a prioritized remediation plan to address all identified weaknesses in detection, containment, and recovery.

 

Required Qualifications

  • Extensive experience (8+ years) in Information Security, with significant time in a senior leadership or CISO/Interim CISO role.
  • Demonstrable expertise in Information Asset Management, Third-Party Risk Management (TPRM), and leading high-stakes Incident Response efforts.
  • Deep practical knowledge of GRC frameworks (e.g., NIST CSF, ISO 27001).
  • Exceptional ability to communicate complex risks and solutions clearly to executive and board-level audiences.
  • Relevant professional certifications (e.g., CISSP, CISM, CRISC).
Company
Broadgate
Location
West Midlands, United Kingdom
Employment Type
Permanent
Salary
GBP Annual
Posted