United States Holocaust Memorial Museum - Washington, DC

posted about 2 months ago

Full-time - Senior
Washington, DC

About the position

The Deputy Chief Information Security Officer (D/CISO) at the United States Holocaust Memorial Museum is responsible for the planning, design, development, and deployment of security tools and strategies to protect the Museum's information, systems, and services from malicious threats. This role involves overseeing the IT security program, fostering collaboration with various stakeholders, and ensuring that security practices align with the Museum's strategic goals. The D/CISO will also manage the security incident response program and promote a culture of security awareness within the organization.

Responsibilities

  • Design, implement, manage, and maintain an IT security program and strategy to protect the Museum's IT systems and data.
  • Collaborate with program offices, auditors, and governmental partners to develop and implement security policies and guidelines.
  • Administer the Museum's security incident response program, including investments in technical controls and advanced IT security capabilities.
  • Provide advisory services on IT security-related issues and promote security across the systems development life cycle.
  • Synthesize information from multiple sources to enable fact-based decision-making regarding security investments.
  • Oversee the delivery of IT security services and introduce new services to aid in prioritization and roadmap creation.
  • Promote a security-awareness culture through communication of national policies and development of security awareness materials.
  • Develop and execute budget plans and manage resource allocation as needed.
  • Advise the Museum's Executive Team on IT security technology.
  • Maintain relationships with external entities to enhance the Museum's IT security program.
  • Develop IT security standards to prevent unauthorized access to Museum data.
  • Lead the Museum's DevSecOps program and manage contracts supporting IT projects.
  • Supervise technical staff engaged in various projects.
  • Identify and mitigate risks associated with IT systems vulnerabilities.

Requirements

  • Professional security management certification such as CISM or CISSP.
  • 8+ years of experience in risk management, information security, and IT roles.
  • Experience with Identity and Access Management (IAM) policies and technologies.
  • Experience with IT Security Incident Response and Disaster Recovery planning.
  • Experience with IT Security audits, assessments, and cyber forensics.
  • Knowledge of information security management frameworks like ISO 27001 and NIST Cybersecurity Framework.
  • Familiarity with Zero Trust Architecture principles.
  • Hands-on experience with Extended Detection and Response and Network Traffic Analysis.
  • Experience in a DevSecOps environment or best-in-class development practices.
  • Experience with cloud computing in virtualized environments.
  • Experience with contract and vendor negotiations and management.
  • Proven ability to lead and motivate cross-functional teams.
  • Excellent written and verbal communication skills.

Nice-to-haves

  • Expertise in Identity and Access Management (IAM)
  • Expertise in IT Security Incident Response
  • Expertise in IT Security Audits and Assessments

Benefits

  • Generous paid leave benefits
  • Health, dental, and vision insurance
  • Flexible spending accounts
  • Health savings account with employer contribution
  • 403(b) retirement plan with employer match
  • Group term and supplemental life insurance
  • Short- and long-term disability
  • Commuter subsidy
  • Access to employee assistance programs
  • Voluntary critical illness and accident insurance
  • Long-term care and pet insurance options
  • Support for telework and flexible schedule options