CAREERS | Chief Information Security Officer

Note: This position is now closed. Thank you for your interest.

The DC Office of the Chief Technology Officer (OCTO) is looking for an experienced leader to guide our citywide IT security team.

JOB SUMMARY

This position is located in the District of Columbia, Office of the Chief Technology Officer (OCTO). The position serves as a Chief Information Security Officer (CISO) for the Office of the Chief Technology Officer (OCTO). This position is responsible for overseeing the development, design, implementation, and security policies and procedures across the District and throughout District Government agencies.

The incumbent is an experience CISO with fifteen (15) or more significant years of information security experience. The incumbent is a results-driven CISO with a proven track record of leading information security teams to provide efficient, secure business solutions that address security threats, risks and vulnerabilities to business continuity. The incumbent is an exceptional leader and communicator, thrive on developing strong partnerships with the District of Columbia Government and Federal agencies, and have experience in the administration of large enterprise cyber security.

QUALIFICATIONS

The incumbent establishes and maintains an enterprise-wide vision, strategy, architecture, and program for ensuring that information assets are appropriately protected.

The incumbent maintains an awareness of current and developing information security regulations, technology, and threats. Assists other District Government agencies with compliance in all applicable local and Federal standards, directives, policies and requirements regarding the information security. Ensures implementation of the information security plans; and manages the operational processes for monitoring and maintaining information security. The incumbent monitors and assesses the overall compliance of District Government agencies with information security regulations, policies, programs, and procedures.

Creates a comprehensive set of policies, procedures, and security plans to maintain appropriate security for the various types and categories of unclassified and classified information assets. Ensures gaps and/or weaknesses are appropriately assigned and completed in a timely manner to maintain information security continuity.

Coordinates, develops and implements plans and procedures to ensure that business-critical services are recovered in the event of a security event, and provide direction, support and in-house consulting in these areas.

Conducts regular third-party independent audits of our information security. Completes regular information security reports and assessments, as are required, by regulatory agencies, and by District Government agencies and other communication methods, as necessary. Prepares regular reports on agency information security status to the CTO, as required. 
Performs other related duties as assigned.

Expert knowledge and understanding of information security architecture, information security technologies, systems design, integration of systems, and policy.

Minimum of six years leadership experience in managing multiple geographically dispersed technical staff, and influencing senior level management and key stakeholders.

Mastery experience of information security regulations, including Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Federal Information Processing Standard (FIPS), National Institute of Standards and Technology (NIST), Defense Federal Acquisition Regulation Supplement (DFARS), Health Insurance Portability and Accountability Act (HIPPA), Personally Identifiable Information (PII), and Protected Health Information (PHI), and various other laws and regulations including Executive Orders.

Expert experience and technical knowledge and experience working with the latest information security technologies and tools, including both commercially available, Government supplied, and custom developed.

Mastery experience must include tools for maintaining security, for assessing and evaluating security, and for doing security incident forensic work.

Expert knowledge of vendors and their products including: The Apache Software Foundation, ArcSight, Bit9, Bluecoat, Cisco, McAfee, FireEye, Palo Alto Networks, Juniper Networks, RSA Security (EMC), Symantec, Tripwire.

Expert experience with Classified system environments and the related security requirements.

Knowledge of the United States Government Configuration Baseline (USGCB).

Exceptional ability to manage extremely technical staff working on very sensitive subject areas and with extremely sensitive information.

Successful ability to partner and influence across District Government agencies to achieve work completion through individuals not under the CISO’s direct control.

High degree of initiative, dependability and experience managing multiple, simultaneous, significant information security related initiatives and responses.

Expert knowledge and application of quality assurance methodologies to application and infrastructure delivery and experience meeting regulatory requirements while achieving exceptional quality standards.

Superior written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and inspectors.

LICENSURES, CERTIFICATIONS AND OTHER REQUIREMENTS

Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

Preference for an existing Top Security SCI clearance. US Citizenship is required to obtain a security clearance is required.

A criminal background and credit check are required for positions within the Office of the Chief Technology Officer.

EDUCATION

Master’s degree (or equivalent experience) in Computer Science, Software Engineering, or a relevant technology field, engineering, systems management, computer science, or operations management is preferred. Strong consideration will be given for advanced degrees in related fields and related professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

WORK EXPERIENCE

Fifteen plus (15+) years of information technology experience, with 10 years or more of relevant information security leadership experience.

WORK ENVIRONMENT

The work is performed in an office setting.