vCISO- APAC

About Us: At Kobalt.io, our mission is to solve cybersecurity for SMBs at scale. We believe small businesses are the engine behind innovation and growth. Understanding the challenges that our customers have enables us to design and refine scalable cybersecurity services that support a secure path to growth. This is reflected in everything we do from the programs we build, to the partnerships we have developed with companies such as Vanta, Prescient and Sumo Logic.

Role Overview: Kobalt.io is an equal-opportunity employer looking for team members who have a real passion for cybersecurity! Reporting to the Director of Professional Services, the vCISO is responsible for leading our client’s security programs successfully - establishing policies, procedures, performing gap assessments and risk analysis, and leading roadmap development and execution. In addition, as a certified partner of Vanta, the vCISO will leverage the Vanta platform to accelerate the client’s compliance journey as part of the security program.  The ideal candidate will blend deep security experience with client soft skills, communication, planning, and an ability to drive change.  This role is located in Australia in the Australian Central Standard Time Zone or Australian Western Standard Time Zone or anywhere in the Philippines.

Responsibilities:

• Advise clients on their cybersecurity strategy by developing security roadmaps, prioritizing security projects, and providing assistance in the execution of those projects
• Serve as a subject matter expert of Vanta, or a similar GRC platform, and leverage the application to accelerate the client’s compliance journey
• Enhance our client’s security environment through performing security gap analyses, internal audits, risk assessments, and tabletop exercises
• Present to client stakeholders regularly to discuss the client’s cybersecurity program progress
• Provide compliance audit readiness support as required
• Facilitate the client’s knowledge and advise them on security matters
• Work with a multi-disciplinary team (internally and externally)
• Identify opportunities for security projects and services for our sales team
• Collaborate with the sales team to propose solutions and support clients

Qualifications:

• A strong understanding of constraints specifically faced by small to medium technology companies and possessing the ability to advise security solutions that are right-sized for these businesses
• 7+ years of experience in Security Technologies, Information Security, Business Resilience, Technology Risk or related fields
• Customer-first focus.
• Can work independently and with teams to identify and resolve challenges and overcome roadblocks.
• Ability to communicate effectively, both verbally and in writing, with clients and internal audiences
• A strong understanding of cybersecurity domains, including Security Operations (on-premise and cloud), Security Engineering, Information Risk Management, etc.
• The ability to articulate secure best practices of various aspects of information risk management in the context of people, processes and technology

Nice to have:

• Experience with compliance standards such as SOC2, ISO 27000 series, ISO 42001, PCI, and other privacy frameworks, like GDPR, HIPAA
• Operational understanding of networks, cloud systems, software development and other core security elements
• Knowledge of security best practices across people, process, and technology
• Active certifications from cybersecurity or cloud vendors (CISSP, CISM, and cloud security certifications)
• Active certifications from (ISC)2, ISACA, GIAC or equivalent

• Deep understanding of security architecture, forensics, and GRC, and experience with a wide range of IT and security technologies, infrastructure environments, policies, and operational procedures

• Experience in executing multi-stage projects over an extended period of time
• Experience with technology firms, such as SaaS B2B firms, Health Tech, FinTech and related sectors

Benefits:

• Competitive salary and benefits package
• Flexible remote work arrangements
• Professional development opportunities
• Fun and inclusive company culture