Who You’ll Work For
REEF is the ecosystem that connects the world to your block, with nearly 5,000 locations across North America. Each REEF hub is a thriving, connected ecosystem of businesses, cities and people that serves the needs of the on-demand economy. Each location leverages its proximity to where large concentrations of people live and work, offering a variety of services, including micro-fulfillment and distribution centers, mobility solutions, and buffer zones that reduce traffic and congestion.
REEF Kitchens is a core part of this ecosystem that allows food entrepreneurs and restaurants to open and quickly expand their businesses with minimal operational and capital costs. Our national network of delivery-only kitchens lowers the barriers and costs for business owners and helps bring fresh, healthy, high-quality food to local neighborhoods.
We are part of SoftBank and its portfolio of leading companies transforming business and commerce at the cutting edge of technology in the world today.
The Chief Information Security Officer (CISO) is responsible for providing strategic leadership and direction for the organization’s information and security function and coordinating alignment with the physical security functions. The CISO will build and sustain an Information Security function that integrates Governance and Risk Compliance controls, requirements, oversight and validation into Information Technology (IT) and Operations Technology (OT). The CISO will be responsible for developing and championing the methods and structure for measuring IT/OT Information Security metrics through regular status monitoring of Information and Data Security activities and operations. The CISO will direct strategy, operations, and budgetary components required for the protection of the enterprise information assets.
The CISO is accountable for ensuring the IT/OT Security and Governance strategies are in alignment with the Physical Security environment and are consistent with the business objectives of the organization (e.g., Growth/Innovation, Operational Efficiency, Reliability, Risk Management and Regulatory Compliance). The CISO identifies, develops, implements and maintains processes across the organization to reduce data and information technology risks. It will be particularly important for the CISO to ensure alignment among the different business groups and business leadership teams regarding threat vectors, risk levels, data and technology security.
· Create strategic multi-year plans to ensure enterprise information assets are protected and compliance standards are achieved.
· Establish and sustain organization-wide (i.e. IT & OT) security technology standards, process improvements, governance processes and performance metrics to ensure that people, processes and technology mitigate persistent threats, meet current security standards adopted by the organization and protect the company’s information assets
· Expertise in data privacy rights as they relate to CCPA and GDPR
· Identify, select and implement security technology standards which complement best practice standards (NIST, ISO 2700x, PCI-DSS, COBIT, etc.)
· Ensure that only authorized people have access to restricted data and systems; make sure internal staff don't misuse or steal data
· Experience in working with a Product Engineering team to ensure all products developed are in compliance with best practice data governance and security, as well as local and global statutory requirements
· Develop a best practice Disaster Recovery (DR) program to ensure technology availability and safety for employees, and align the DR program with the organization’s Business Continuity Program (BCP); ensure timely technology operations recovery following an interruption in service caused by a technology system outage or declared disaster
· Establish and manage processes for monitoring cyber security strategies, policies, compliance controls, and programs to meet the company’s business needs
· Identify Information Security needs and risks, and establish operational plans that align with the organization’s vision, mission and objectives, and support long-term Information Security growth and sustainability
· Collaboratively work with the IT network and business applications team in support of the IT and Operations hardware and software to assist and improve processes and standards; provide Level 3 or 4 support when required
· Coach and mentor the company’s employees to evolve skills, capabilities and teamwork across the technology organization; oversee/assist with the development of an Information Security Management System (ISMS)
· Oversee the selection, development, deployment, monitoring, maintenance, and enhancement of the organization's cyber security technology
· Direct the assessment of business and technology risks to ensure such risks are appropriately identified and evaluated. Oversee the development and implementation of appropriate measures to identify risks associated with applications/business functions
· Provide management oversight to all activities related to technology compliance with regulatory as well as audit requirements, ensuring that technology best practices are being followed for Information Security and Disaster Recovery
· Develop communication strategies for informing employees of cyber security initiatives
· Develop a rolling one-year plan for addressing future Cyber/Information Security threats and future strategic initiatives
· Continually seek and consider innovative solutions to business and operational problems; apply as relevant in support of the organization’s mission
· Manage and direct the cyber security effort and provide input to the physical security function, including performance management, succession planning and workload balancing. Work closely with the physical security team to improve the company’s overall security posture
· IT Enterprise Architecture and Governance Risk and Compliance (GRC)
· Project Management
· Cyber Risk Reporting and establishment of Key Risk Indicators and Key Performance Indicators
· Relevant certifications to the position (e.g. CISM, CCISO, etc.)
· Incident Readiness and Incident Recovery
· Information security technologies, markets and vendors including firewall, intrusion detection/prevention, assessment tools, encryption, certificate authority, web and application development
· Strategy, roadmap and investments as they relate to IT Cyber/Security software and appliances
· Relationship management – regulators, C-suite, Board, law enforcement and audit
· Audit and assessment methodologies, procedures and best practices that relate to information networks, systems, and applications
· Application security, database technologies used to store enterprise information, directory services, financial information, and information systems auditing
· Strong understanding of how to apply current and emerging security technologies to solve business problems. Track record of developing and implementing comprehensive strategic response and recovery strategies, plans and procedures. Comprehensive understanding of applicable practices and laws relating to data privacy and protection
· Strong verbal and written communication skills, especially in the areas of presentation and interaction with people at all levels across an organization
· A track record in the successful management of programs and collaboration with people, both internal and external, as well as demonstrated complex program/project/vendor management skills
· Agile, versatile and flexible, with the ability to work with constantly changing priorities
· Advanced degree in technology (computer science/engineering or related field) preferred
· Bachelor of Science Degree in Technology, Computer Science or equivalent work experience
· 10+ years of progressive leadership experience in computing and information security, including experience with Internet technologies and security issues
· Cyber security experience in the parking industry preferred
What We’ll Provide
Life and Disability
Paid Time Off (PTO)
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
- Frequently operate small office equipment such as a computer, tablet, copier/printer, and telephone.
- Work is performed in a professional office environment.
- Frequently operate small office equipment such as computer, calculator, copier/printer
- Will remain in seated position for extended periods of time
Work is performed indoors for extended periods of time including up to the entire duration of shift.
- Extensive time in front of a computer screen, data entry and analysis
REEF Technology is an equal opportunity employer, and we value diversity at our company. REEF does not discriminate on the basis of race, religion, color, sex, national origin, gender identity, gender expression, sexual orientation, age, marital status, veteran status, or disability status. REEF complies with all applicable equal employment opportunity legislation in each jurisdiction in which it operates.