Chief Information Security Officer (CISO)
Posting Date: July 25, 2018
Closing Date: Opened until filled
Salary: Excepted Service Grade 11 ($149,457 to $223,885)
This position is located in the District of Columbia, Office of the Chief Technology Officer (OCTO). The position serves as a Chief Information Security Officer (CISO) for the Office of the Chief Technology Officer (OCTO). This position is responsible for overseeing the development, design, implementation, and security policies and procedures across the District and throughout District Government agencies.
The incumbent is an experienced CISO with fifteen (15) or more years of significant information security experience. The incumbent is a results-driven CISO with a proven track record of leading information security teams to provide efficient, secure business solutions that address security threats, risks and vulnerabilities to business continuity. The incumbent is an exceptional leader and communicator, thrives on developing strong partnerships with the District of Columbia Government and Federal agencies, and has experience in the administration of cyber security in large enterprises.
The CISO reports directly to the Chief Technology Officer (CTO) and is accountable for maintaining cyber security policy and readiness within the District of Columbia Government. The incumbent establishes and maintains a comprehensive information security program to ensure that all District Government agencies' information assets are adequately protected against current and future internal and external threats. The position is responsible for identifying, evaluating, reporting and planning mitigation of cyber security risks in a manner that meets compliance and regulatory requirements and that aligns with and supports the desired risk posture of the District Government. The CISO proactively works with the District Government agencies to implement practices and technologies that meet OCTO's policies and standards for cyber security as defined by the program.
The CISO serves as the process owner of all ongoing security processes related to the confidentiality, integrity and availability of information resources for District Government agencies, and establishes compliance criteria for District departments. A key element of the CISO's role is working with District Government agencies and other Federal and state agencies to manage information technology (IT) risk factors, and to help the District manage cyber security and, in particular, critical infrastructure and information protection. The CISO position requires a visionary leader who is highly knowledgeable about the business environment, the threat landscape, and cyber security architecture, technology and operations.
MAJOR DUTIES AND RESPONSIBILITIES
- The incumbent establishes and maintains an enterprise-wide vision, strategy, architecture, and program for ensuring that information assets are appropriately protected.
- The incumbent maintains an awareness of current and developing information security regulations, technology, and threats.
- Assists other District Government agencies with compliance with all applicable local and Federal standards, directives, policies and requirements regarding information security.
- Ensures implementation of the information security plans and manages the operational processes for monitoring and maintaining information security.
- The incumbent monitors and assesses the overall compliance of District Government agencies with information security regulations, policies, programs, and procedures.
- Creates a comprehensive set of policies, procedures, and security plans to maintain appropriate security for the various types and categories of unclassified and classified information assets.
- Ensures gaps and/or weaknesses are appropriately assigned and completed in a timely manner to maintain information security continuity.
- Coordinates, develops and implements plans and procedures to ensure that business-critical services are recovered in the event of a security event, and provides direction, support and in-house consulting in these areas.
- Conducts regular third-party independent audits of our information security.
- Completes regular information security reports and assessments as required by regulatory agencies and by District Government agencies, delivered through other communication methods as necessary. Prepares regular reports on agency information security status to the CTO, as required.
- Performs other related duties as assigned.
TECHNICAL AND PROFESSIONAL REQUIREMENTS
- Fifteen plus (15+) years of information technology experience, with 10 years or more of relevant information security leadership experience.
- Expert knowledge and understanding of information security architecture, information security technologies, systems design, integration of systems, and policy.
- Minimum of six years leadership experience in managing multiple geographically dispersed technical staff, and influencing senior level management and key stakeholders.
- Mastery-level experience with information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST) guidance, Defense Federal Acquisition Regulation Supplement (DFARS), Health Insurance Portability and Accountability Act (HIPAA), Personally Identifiable Information (PII) and Protected Health Information (PHI) requirements, and various other laws and regulations including Executive Orders.
- Expert technical knowledge of, and experience working with, the latest information security technologies and tools, including commercially available, Government-supplied, and custom-developed tools.
- Mastery-level experience must include tools for maintaining security, for assessing and evaluating security, and for performing security incident forensic work.
- Expert knowledge of vendors and their products including: The Apache Software Foundation, ArcSight, Bit9, Bluecoat, Cisco, McAfee, FireEye, Palo Alto Networks, Juniper Networks, RSA Security (EMC), Symantec, Tripwire.
- Expert experience with Classified system environments and the related security requirements.
- Knowledge of the United States Government Configuration Baseline (USGCB).
- Exceptional ability to manage extremely technical staff working on very sensitive subject areas and with extremely sensitive information.
- Successful ability to partner and influence across District Government agencies to achieve work completion through individuals not under the CISO's direct control.
- High degree of initiative, dependability and experience managing multiple, simultaneous, significant information security related initiatives and responses.
- Expert knowledge and application of quality assurance methodologies to application and infrastructure delivery and experience meeting regulatory requirements while achieving exceptional quality standards.
- Superior written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and inspectors.
If interested in this position, please complete the application. Only candidates meeting minimum qualifications will move forward to interview.