Skip to main content

This job has expired

Deputy Chief Information Security Officer

Employer
United States Holocaust Memorial Museum
Location
Washington D.C.
Salary
Salary is commensurate with experience.
Date posted
Feb 13, 2024

Job Details

 Information about the role

The Office of Information Technology reports to the Chief Financial Officer and exists to provide technology services and solutions to the staff of the Museum. We also play a key role in driving business transformation across the organization so that we can operate more effectively and our staff can spend more of their time on supporting our mission.

The Office of the Chief Information Officer directly oversees and ensures that the technology components of the Museum are connected in a seamless and well-integrated manner, manages information security, quality assurance and the protection of digital information, management of institutional projects for the establishment of improved information dissemination, professional project practices and manages the financial and procurement of hardware and software for the Institution.

The primary purpose of the position is to serve as the Deputy Chief Information Security Officer (D/CISO) with responsibility for planning, design, development, and deployment of security tools and strategies to protect the Museum’s information, systems and services from malicious intent, both internal and external.

This position is located in Washington, DC and is hybrid telework eligible, within the local commuting area of the Museum worksite.

Duties, and Responsibilities for the role

  • Designs, implements, manages, and maintains an IT security program and strategy that protects the United States Holocaust Memorial Museum (USHMM) IT systems and data against unauthorized use, modification, inaccessibility, and loss.
  • Fosters collaboration by working in partnership with, among others, program offices, auditors, international partners and governmental partners, to develop, maintain, promulgate, and implement security policies, guidelines, tools, and services consistent with industry-leading security practices.
  • Administers the Museum’s security incident response program to include investments in preventative, detective, and corrective technical controls, and advanced IT security capabilities.
  • Promotes IT security across the systems development life cycle by providing a broad range of advisory services on IT security-related issues, including research into new technologies and the security implications of their use; collaboration with program offices to include security controls early on and across the system development life cycle.
  • Enables fact-based decision-making and recommendations about security investments by synthesizing information from multiple sources and making recommendations.
  • Oversees the delivery of existing services, such IT security testing and assessment, and introduces new services that aid in prioritization and the creation of IT security roadmaps.
  • Promotes a security-awareness culture through an understanding and communication of national policies, development of security awareness materials, conference participation, creation of monthly newsletters, and maintenance of an informative intranet site. Ensures the IT security program aligns with the Museum’s overall strategic goals.
  • Develops and executes budget plans and reallocates resources as needed.
  • Advises the Museum’s Executive Team and Council regarding IT security technology.
  • Maintains relationships with external entities, such as the U.S. Cybersecurity Infrastructure Security Agency, the National Institute of Standards and Technology (NIST), and the U.S. Office of Management and Budget to enhance the Museum’s IT security program and, where applicable, align Museum security practices to government directives.
  • Develops IT security standards that prevent misuse and unauthorized access to Museum data for all Museum procurements.
  • Leads the Museum’s development, security and operations (DevSecOps) program.
  • Serves as a contracting officer’s representative (COR) to oversee and manage contracts supporting information technology projects. Prepares statements of work relative for upcoming network installations and general preparations for installations.
  • Supervises Museum staff possessing technical expertise in varied disciplines who are engaged in a diversity of projects.
  • Anticipates, identifies, evaluates, mitigates and minimizes risks associated with IT systems vulnerabilities. Reviews proposed new systems, networks, and software designs for potential security risks. Resolves integration issues related to the implementation of new systems with the existing infrastructure.
  • Other duties as assigned.

Minimum Qualifications for the role

  • Professional security management certification such as Certified Information Security Manager (CISM) or Certified Information System Security Professional (CISSP).
  • 8+ years of experience in a combination of risk management, information security and IT roles.
  • Experience with Identity and Access Management (IAM) policies and technologies.
  • Experience with IT Security Incident Response and Disaster Recovery planning
  • Experience with IT Security audits, assessments and cyber forensics
  • Knowledge of common information security management frameworks, such as International Standards Organization 27001, the NIST Cybersecurity Framework, and FedRamp.
  • Familiarity with Zero Trust Architecture principles.
  • Hands-on or practical experience using Extended Detection and Response, Network Detection and Response, Web Application Firewalls, and Network Traffic Analysis.
  • Specific experience in a DevSecOps environment or other best-in-class development practices.
  • Experience with cloud computing and elastic computing across virtualized environments.
  • Experience with contract and vendor negotiations and management, including managed services.
  • Proven ability to lead and motivate cross-functional, interdisciplinary teams.
  • Experience managing security teams with varied technical skill sets.
  • Excellent written and verbal communication skills.

Preferred Qualifications for the role

  • Expertise with
    • Identity and Access Management (IAM)
    • IT Security Incident Response
    • IT Security Audits and Assessments

Company

The United States Holocaust Memorial Museum is looking for dedicated and passionate individuals to join the Museum’s team and help support our mission. Since opening in 1993, the Museum has been committed to serving as a living memorial to the Holocaust. We are dedicated to helping leaders and citizens of the world confront hatred, prevent genocide, and promote human dignity. Our employees are an important and integral part of the successful operation of the Museum and its programs. We welcome a variety of ideas, experiences and perspectives to ensure we continue as a leading, living memorial to the Holocaust.

The Museum employs staff in a variety of areas, such as collections, marketing, fundraising, education, exhibits, programming, Museum shop, and many others. 

The Museum is committed to cultivating and maintaining a culture of diversity, equity, accessibility and inclusion (DEAI). Every member of our Museum community is responsible for ensuring that the Museum is free of discrimination, harassment, and retaliation and for promoting a diverse, equitable, accessible, and inclusive institution. This includes supporting DEAI throughout our workplace—in our policies, programs, culture, facilities, and technology.

Company info
Website

Get job alerts

Create a job alert and receive personalized job recommendations straight to your inbox.

Create alert