Chief Information Security Officer

About the position

The Chief Information Security Officer (CISO) position is located within the Office of the Chief Information Officer at the Small Business Administration (SBA) and reports directly to the Deputy Chief Information Officer. This role is pivotal in providing leadership in the development and implementation of information security policies and guidance, as well as offering expert advice and collaboration with various offices, oversight agencies, and Congress. The CISO is responsible for protecting SBA's information assets, which are critical to supporting the Agency's extensive portfolio of small business programs valued at over a trillion dollars. In this capacity, the CISO will execute decision-making authorities and establish a clear vision and direction for the Agency's cyber and cyber-related resources and operations. The role involves bolstering cybersecurity measures to enhance the safety and security of SBA services, ensuring compliance with the Executive Order on Improving the Nation's Cybersecurity, and implementing the Federal Zero Trust Strategy. The CISO will lead the development, planning, coordination, administration, management, staffing, and supervision of information security and privacy operations across the SBA's IT security and privacy programs. Additionally, the CISO will maximize the integration of FISMA reporting with certification and accreditation processes to ensure continuous monitoring and remediation of IT systems' threats and vulnerabilities. The position requires assurance that information systems and associated facilities maintain a level of security that corresponds to the risks and potential harm associated with the loss, misuse, disclosure, or modification of sensitive information. The CISO will also facilitate information security risk assessments and risk management processes to proactively address potential security challenges.