Our client is a conglomerate based in Washington, DC who is hiring a Deputy Chief Information Security Officer. This is a senior level position supporting the Chief Information Officer with the enhancement of cybersecurity defenses, safeguarding the integrity and resilience of critical systems and information. If you are a mission-driven individual who can integrate people, processes, and technology into a pro-active, risk-minded organization that is both agile and innovative, this is the place for you!
Role Overview
As the Deputy Chief Information Security Officer, you will navigate the complex landscape of cybersecurity, directing daily operations and helping shape the strategic direction of cybersecurity efforts. This role affords significant autonomy to influence policies, develop long range goals, and ensure the seamless integration of cybersecurity measures into our client's IT infrastructure. You will be instrumental in leading their response to cybersecurity challenges, managing risks, and fostering a culture of innovation and excellence across the department.
Key Responsibilities
Leadership and Integration: Guide the integration of information security processes with strategic and operational plans, collaborating with senior leadership to protect organizational assets. Lead and oversee information security budget, staffing, and contracting. Cultivate talent and engage teams to further cohesion and collaboration across internal and external team members.
Strategic Planning: Collaborate with the CISO on developing strategic plans and executing against that plan. Develop policies, plans, and strategies in alignment with legal and regulatory standards to support cybersecurity initiatives.
Cybersecurity Principles: Utilize an in-depth understanding of cybersecurity principles to design and implement robust security measures.
Policy and Strategy Implementation: Implement objectives and policies as established by the organization leadership; contribute to the formulation and execution of short- and long-term cybersecurity goals. Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. Ability to exercise judgment when policies are not well-defined.
Risk Management Framework: Oversee the management of the IT risk management framework, ensuring robust defenses against digital threats.
Collaborative Engagement: Engage in activities with user groups, task forces, and steering committees across the enterprise to enhance cybersecurity collaboration and initiatives. Interpersonal skills and business acumen required to thrive.
Project and Time Management: Via your team, manage multiple projects with competing deadlines, demonstrating prioritization and re-prioritization in challenging environments.
Risk Assessment and Vendor and Third-Party Security: Conduct thorough risk assessments identify potential security vulnerabilities and threats. Evaluate the security posture of third-party vendors and integrating their services or products securely into the organization's IT environment.
Performance and Trend Analysis: Develop new criteria and methods for evaluating the performance of cybersecurity activities and identifying trends.
Systems Design and Integration: Ensuring that security is an integral part of the IT architecture from the outset. This involves selecting secure frameworks and technologies, designing networks with defense-in-depth principles, and ensuring that systems are resilient to both external and internal threats.
Contracting Officer Representative: Responsible drafting and reviewing contracts and acting as the liaison between the organization and its contractors, ensuring that all contractual terms are met, monitoring the contractor's performance for compliance with contract requirements.
Key Accountabilities/Essential Job Duties
Directs the ongoing, daily operations of the Cybersecurity Department. Implements objectives and policies established by leadership; participates in the formulation and implementation of short- and long-range goals.
Manages the IT risk management framework.
Implements new criteria and methods for setting and evaluating cybersecurity activity performance accomplishments and cybersecurity trends.
Establishes general management policies and practices governing the design, development, integration and testing of information systems and networks.
Participates in user groups, task forces, and steering committee activities with other business functions and organizations.
Participates in the determination of cybersecurity requirements; evaluates feasibility of potential applications, systems, and communication networks; participates in the approval of the equipment and other resources required to implement the applications, systems, and networks.
Assess cybersecurity needs, evaluating the feasibility of potential IT solutions and overseeing the allocation of resources to implement necessary systems and networks.
Conduct periodic gap analyses to identify and address cybersecurity capabilities and needs, ensuring digital assets are comprehensively protected.
Promote awareness of security threats and mitigations among executives, stakeholders, and the community at large and ensure sound security principles are reflected.
JOB SPECIFICATIONS
Required Education
Bachelor's Degree in Information Technology, Cybersecurity, Information Systems, or an equivalent combination of education and work experience. Advanced degree in non-technical space (MBA, MA, MFA) welcomed but not required.
Desired Qualifications and Required Work Experience
Twelve years of experience, including at least five years of team management experience, in cybersecurity, threat intelligence, and information technology.
Demonstrated ability to develop and implement effective cybersecurity strategies and manage IT risk.
Team leader with demonstrated success in building cultures of accountability and engagement.
Strong analytical, critical thinking, problem solving and communication skills.
Experience with cyber competitions and practical cybersecurity exercises is a plus.
Deep understanding of the impact of cybersecurity on organizational processes.
Solid commitment to continuous learning and willingness to leverage advanced training, workshops, and seminars to further your knowledge.
Security Clearance
As a government contractor, this role requires that applicants can obtain and maintain a TS/SCI U.S. Government security clearance; therefore, our client is seeking applicants who are U.S. citizens.