Jobs · Information Technology · New York

Chief Information Security Officer

Information Technology$248k–$400k/yrFull-time

About the role

The PCAOB is seeking a Chief Information Security Officer (CISO) to lead the organization's information security program and cybersecurity operations.

Responsibilities

  • Strategic leadership, implementation, monitoring, reporting, and continuous improvement of the PCAOB's information security program.
  • Oversee and mature the operations of a PCAOB-wide information security organization with a common goal in information security and cybersecurity risk.
  • Provide leadership and foster collaboration with risk, compliance, and legal teams and business stakeholders to ensure a secure approach to innovation and the application of artificial intelligence (AI).
  • Lead efforts to continually assess, evaluate, and make recommendations to management regarding the adequacy of IT general and security controls.
  • Develop, implement, and administer technical cybersecurity standards, as well as the suite of security services and tools, and align to existing PCAOB policies, frameworks, and procedures.
  • Design and implement a tactical structure to address Security Operations Center (SOC) structures to better enable outage notifications, security risks/threats, or elevation of incidents that occur within the PCAOB environment.
  • Establish annual and long-range cybersecurity and compliance goals, align with data and technology strategies, create and monitor Key Performance Indicators (KPI), and forge a multi-year information security roadmap.
  • Proactively identify, assess, and prioritize IT risks to data and systems in coordination with OT portfolio management and OERM including internal/external threats, cyber-crimes, and vendor/third-party risks; partner with OERM or relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
  • Lead a technical team to proactively work with business units across the PCAOB to implement practices and ensure implementation of technological controls that meet agreed-on policies and standards for information security.
  • Develop, implement, and enforce effective frameworks, relevant policies, processes, and practices to secure protected and sensitive data in accordance with the PCAOB’s Information Sensitivity Classification ensuring compliance with relevant legislation and legal interpretation.
  • Collaborate and coordinate with the CRO to identify, evaluate, and report on OERM organizational-level risk reports to the Board in areas such as legal and regulatory, IT, and cybersecurity risk, while supporting and advancing business objectives.
  • Provide leadership supporting a team to streamline and maintain a modern compliance model for cybersecurity safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
  • Conduct and support regular internal and external security assessments, tabletop exercises, penetration tests, playbook development, and red/purple team exercises to proactively test the effectiveness of security controls including OT Security Program Assessments and corrective action plans.
  • Keep abreast of security incidents and act as primary control point during significant information security incidents; convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise. This may require availability off hours, as applicable.
  • Mature education and awareness programs and advise PCAOB leadership at all levels on security issues, best practices, and vulnerabilities.
  • Examine impacts of new technologies on the PCAOB's overall information security; establish processes to review implementation of new technologies to ensure security compliance.
  • Perform the full range of supervisory duties, including resource allocation plans, evaluating employee performance; making recommendations for appointment and promotion; hearing and resolving complaints; identifying development and training needs of employees; other related supervisory tasks.

Qualifications

  • Bachelor’s degree or equivalent experience in information technology, engineering, computer science, cybersecurity, or related field.
  • Minimum of 15+ years experience in cybersecurity with 5+ years in progressive leadership roles.
  • Minimum of 7+ years experience directly supporting reference architectures around Microsoft Technology environments.
  • Minimum of 5+ years Agile experience managing Scrum/Kanban teams and Agile methodologies/ceremonies.
  • Minimum of 5+ years experience with cloud computing/elastic computing across virtualized environments.
  • Working knowledge of Data Loss Prevention (DLP) programs and best practices, including expertise in securing large, unstructured, and rapidly evolving data sets.
  • Hands-on experience implementing NIST, ISO, SOX, PCI, or other frameworks.
  • Experience with contract and vendor negotiations and management including managed services.
  • Experience in planning, organizing, and developing IT security system technologies.
  • Ability to explain information security, cyber security, and data privacy issues and programs to non-technical and non-expert audiences.
  • Proven ability to develop, coach, and mentor staff, providing constant feedback and clear direction.
  • Proven record of strategic planning, functional transformation experience, and conflict management.
  • A self-starter able to administer several open, ongoing assignments at any one time, where some assignments are routinely unstructured, requiring autonomy and independent judgment.
  • In-depth experience successfully harmonizing diverse and competing interests.
  • Ability to clearly articulate a position with sound logic, supporting empirical evidence, and impartiality.
  • Ability to effectively represent the organization to a variety of both internal and external constituencies, deconstruct complex challenges, and translate business needs into technology solutions.
  • Occasional travel to the PCAOB’s regional offices.
  • Superior verbal and written communication skills.
  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Preferred Qualifications

  • CISM, CISSP, CRISC or other relevant certification.
  • Leadership/Management Skills And Abilities:
  • Ability to work in matrixed environments.
  • Ability to work in Agile operating frameworks.
  • Ability to flourish in environments of change to advance continuous improvement.
  • Ability to drive a positive “tone at the top” of the organization and hold others accountable for doing the same.

Similar jobs

Security Officer

DK SecurityMuskegon, MI· Today
Management$20/hrapply on joblinkapply.com

Security Officer

Northeast Regional Medical CenterKirksville, MO· Yesterday
Information Technologyapply on fa-evxo-saasfaprod1.fa.ocs.oraclecloud.com

Security Officer

DK SecuritySparta, MI· 3 days ago
Information Technology$20/hrapply on joblinkapply.com

Security Officer

DK SecurityInkster, MI· 3 days ago
Information Technology$19.4/hrapply on joblinkapply.com

Security Officer

Lovelace Health SystemAlbuquerque, NM· 5 days ago
Information Technologyapply on jobs.ardenthealth.com

Security Officer

BayCare Health SystemMorton County, ND· 6 days ago
apply on css-baycarehs-prd.inforcloudsuite.com