Chief Information Security Officer

Chief Information Security Officer

Vacancy expired!

Job Type:
Regular

Chief Information Security Officer

Position Description

RAND Information Services is made up of exceptional information technology professionals from diverse backgrounds. We are looking for the next outstanding addition to join our team. Beyond providing an outstanding computing environment RAND offers excellent benefits, and its corporate headquarters are two blocks from the Pacific Ocean in Santa Monica, California. Other offices are in Boston, Pittsburgh, and Washington.

Join us at RAND and make a positive difference in the world.

The Chief Information Security Officer will be directly responsible for all global aspects of a strategic, comprehensive information security and IT risk management program within RAND. As an innovative and resourceful partner, it is critical for RAND to build and maintain appropriate security safeguards that are designed to protect the confidentiality and integrity of our products and systems for our customers and internal users. You will scale the security organization and drive the program to its next level of maturity as we all work to make RAND grow and improve. You will work with leaders across the organization to develop and implement a robust framework of appropriate technology and tools. You will interact with broader executive leadership to communicate on our evolving needs, matching the size and complexity of our organization with security strategy and operations right sized for our stage of growth and the information we safeguard.

Responsibilities

• Develop, implement, and monitor a strategic and comprehensive enterprise-wide information security and risk management program that provides a strategic and tactical vision around adversary and threat detection, incident response, and asset fortification
• Attract, hire, and retain a high-performing team of world-class security talent who will continue to address the information security needs of the company
• Review all suitable areas of operation and certify the RAND Corporation follows all applicable federal and state laws, directives, policies, and customer requirements regarding the securing of information
• Ensure the organization has a comprehensive set of policies, procedures, and security plans to maintain appropriate security for the various types and categories of unclassified and classified information assets
• Set the overall information security vision, strategy, and architecture for the organization. Direct the staff in the development and implementation of security policies, programs, and procedures to meet regulatory requirements and ensure compliance with organizational policies and requirements of our clients
• Oversee regular third-party independent audits of our information security and ensures implementation of resulting actions to address gaps or weaknesses are appropriately assigned and completed in a timely manner to maintain information security
• Provide regular reports to the RAND Board of Trustees including updates on the threat landscape, security projects and improvements and changes in the regulatory environment as well as results of recent audits and security
• Maintain awareness of developing risks and has responsibility for continually responding to those risks. Responsible for managing our response to incidents and ensuring that they are appropriately addressed, documented, and reported
• Partner and aligns with business and technical teams to solve a wide variety of security issues that require an in-depth understanding of infrastructure, cloud-based applications, and architecture
• Guide technical development of security tools and product features to reduce security risk across the company and examines impacts of new technologies on the organization's overall information security
• Actively participate in industry organizations and partners with related research centers such as ND-ISAC, FFRDCs and UARCs
• Identify, track, and communicate detailed metrics indicating overall security risk factors

Qualifications

• Broad technology experience encompassing Information Security, Infrastructure Systems Operations, and Application Development in SaaS and on premises environments
• Demonstrated experience successfully managing an information security organization and experience with complex security incident response leadership, architecture, policy regulations, and risk and compliance
• Demonstrated capability in building, mentoring, and managing global security teams offering and providing structure for professional development of team members
• Demonstrated commitment to the principles of diversity, equity, and inclusion including working with a variety of people of diverse backgrounds and perspectives across all levels in a collegial, collaborative, and intellectually challenging environment
• Must have understanding of federal mandated requirements and regulations from various governing bodies including National Institute of Standards and Technology (NIST) standards and Defense Federal Acquisition Regulation Supplement (DFARS) policy as well as Federal Information Security Management Act (FISMA) Federal Information Processing Standard (FIPS), Health Insurance Portability and Accountability Act (HIPPA), Personally Identifiable Information (PII), and Protected Health Information (PHI) guidance, and various other laws and regulations including Executive Orders
• Well-versed in the rapidly evolving threat landscape with a strategic mindset to mitigate threats and an established personal network for standard methodologies and information sharing around emerging challenges in the security space
• Strong business sense with an ability to balance "business value" vs "security risk" while maintaining an acceptable level of safe operations and risk mitigation
• Demonstrated experience representing an organization's information security program in presentations and discussions with executives, customers, partners, and other external parties
• Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex topics for understanding and critical decision making
• Strong technical expertise in the areas of information security architecture and technologies including firewalls, intrusion detection and prevention, forward and reverse proxies, data loss prevention, public key infrastructure, and vulnerability management

Education

• Bachelor's degree in Information Security, Computer Science, Software Engineering or related field, or equivalent related work experience of 10 or more years. An advanced degree in a related field is a plus

• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar are preferred

Security Clearance

The ability to obtain and maintain a secret security clearance is required; U.S. citizenship is required to obtain a security clearance. An active top-secret clearance, or the ability to obtain and maintain a top-secret security clearance is desired.

Location

This position may work from the following RAND locations: Santa Monica, Pittsburgh, and Washington, D.C. This position offers a flex work arrangement with a mix of time in the office and working from home.

Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet