Jobs · Information Technology · Maryland

Deputy CISO

RK&K · Baltimore, MD · 1 wk ago
HybridInformation Technology$180k–$220k/yrFull-time

Cybersecurity Leadership and Strategy

Serve as RK&K’s senior cybersecurity leader responsible for day-to-day cyber operations and execution of the firm’s cybersecurity roadmap.
Partner with the CIO to develop, maintain, and execute a multi-year cybersecurity strategy aligned with RK&K’s business goals, client expectations, regulatory obligations, and risk appetite.
Provide regular reporting to the CIO and executive leadership on security posture, risk trends, major initiatives, incidents, metrics, and investment needs.
Advise the CIO on cybersecurity budget priorities, technology investments, staffing plans, vendor selection, and risk tradeoffs.
Create annual and multi-year security plans with measurable goals, timelines, milestones, and success criteria.
Represent cybersecurity in strategic technology planning, enterprise architecture decisions, digital transformation initiatives, acquisitions, client requirements, and major business initiatives.

Cyber Operations

Develop and lead RK&K’s cyber operations program, including security monitoring, detection, response, vulnerability management, endpoint security, identity security, email security, cloud security, and threat management.

Governance, Risk, and Compliance

Develop and lead RK&K’s cybersecurity governance, risk, and compliance program.
Lead a formal cyber risk acceptance and exception process.
Align cybersecurity compliance with contractual, regulatory, client-driven, and industry-specific cybersecurity requirements.

Security Architecture and Engineering

Establish security architecture principles, standards, and review processes for infrastructure, applications, cloud services, networks, endpoints, and identity platforms.
Partner with IT operations and enterprise architecture teams to ensure security is embedded into technology design and implementation.

Data Protection and Privacy

Support establishing data protection strategies for sensitive business information, client data, employee data, financial data, intellectual property, and regulated information.
Support establishing security requirements for document management, collaboration platforms, file shares, project data, client deliverables, and mobile access.

Incident Response, Resilience, and Business Continuity

Develop incident response policies, plans, playbooks, communication templates, escalation matrices, and decision trees.
Conduct tabletop exercises with executive leadership, IT, legal, HR, finance, communications, and business stakeholders.
Establish ransomware readiness plans, including containment strategies, backup validation, recovery priorities, communication plans, and decision-making processes.
Ensure backup environments are protected from compromise, unauthorized deletion, encryption by ransomware, and credential abuse.
Define and maintain metrics for mean time to detect, mean time to respond, incident volume, root causes, recurring issues, and control failures.

Required Skills And Experience

  • Bachelor’s degree in computer science, information technology, business administration, or related field.
  • 10 or more years of progressive experience in information technology, cybersecurity, risk management, security engineering, infrastructure, or related disciplines.
  • 5 or more years of cybersecurity leadership experience, including responsibility for security operations, incident response, governance, or cyber risk management.
  • Experience developing cybersecurity strategy, roadmaps, policies, standards, operating models, and governance processes.
  • Strong understanding of cybersecurity operations, including monitoring, detection, response, vulnerability management, endpoint security, identity security, and incident response.
  • Experience with cyber risk assessments, risk registers, control maturity assessments, remediation planning, and executive risk reporting.
  • Experience leading incident response activities, tabletop exercises, post-incident reviews, and cyber crisis coordination.
  • Familiarity with enterprise security technologies such as SIEM, EDR/XDR, MDR, vulnerability management platforms, firewalls, email security, identity platforms, DLP, CASB, PAM, and cloud security tools.
  • Strong knowledge of identity and access management, privileged access, multi-factor authentication, conditional access, single sign-on, and access reviews.
  • Experience supporting security audits, client questionnaires, contract security requirements, cyber insurance, or compliance reviews.
  • Ability to lead strategically while also operating hands-on in a developing security environment.

Similar jobs

CISO

Kore.aiSan Mateo, CA· 3 wk ago
Information Technologyapply on ats.rippling.com

CISO

RainNew York, NY· 6 mo ago
Information Technology$50k–$999k/yrapply on jobs.ashbyhq.com