I'm currently hiring for a Chief Information Security Officer (CISO) role for a full-time direct hire position based in Washington, DC. This opportunity offers full benefits and a hybrid schedule (2 days a week onsite).
Position Overview:
The Chief Information Security Officer (CISO) is responsible for leading the organization's information security strategy, overseeing the protection of sensitive data, and managing information security risks. This role ensures that security practices are integrated into daily operations and that the organization's information remains secure. The Information Security Supervisor will also manage the overall security posture of the enterprise, ensuring that systems and data are safeguarded.
Leadership Responsibilities:
The CISO may manage a team, which can include Information Security Engineers and Analysts, guiding their day-to-day tasks and supporting their development.
Scope of Work:
The CISO will collaborate with various internal stakeholders, including leadership, staff, and technical teams, as well as external partners such as vendors and consultants. The role also involves interacting with healthcare providers and public stakeholders as needed.
Key Responsibilities:
- Develop and implement comprehensive strategies for deploying security technologies across the organization.
- Establish and enforce information security policies and protocols to protect the organization’s networks and systems.
- Continuously monitor for vulnerabilities and security breaches, ensuring prompt communication with key stakeholders about potential threats.
- Safeguard intellectual property by embedding security best practices into daily operations, emphasizing data availability, confidentiality, and integrity.
- Conduct security risk assessments, identifying vulnerabilities and recommending mitigation strategies.
- Manage and maintain firewalls, intrusion detection systems, and network monitoring tools to ensure robust defense mechanisms are in place.
- Lead incident response activities, investigating and resolving security incidents to minimize impact.
- Take corrective action for security violations or system vulnerabilities, ensuring compliance with security standards.
- Evaluate and recommend security products and technologies, testing complex security architectures and design solutions from various vendors.
- Oversee the installation and modification of hardware or software to maintain optimal security posture.
- Review and remediate findings from vulnerability scans across a variety of platforms and systems.
- Provide technical guidance and support for implementing security standards, policies, and guidelines.
- Develop and execute scripts for system administration and security audits to ensure compliance.
- Actively seek training and development opportunities to stay current with emerging security trends and technologies.
Core Competencies:
- Excellent communication skills, both written and verbal, with the ability to explain complex security concepts to non-technical audiences.
- A detail-oriented, organized, and proactive problem solver, able to respond quickly to security challenges.
- Strong technical knowledge of IP networking, network protocols, and encryption standards such as VPNs, firewalls, and DNS.
- Experience with firewalls, vulnerability scanning tools, intrusion detection systems, and authentication mechanisms.
- Practical experience in analyzing network traffic and packet-level data (e.g., Wireshark, Snort, tcpdump).
- Familiarity with hacking tools and techniques, including phishing, ARP poisoning, and buffer overflows, along with SIEM (Security Information and Event Management) systems.
- Knowledge of compliance with federal security regulations (e.g., FISMA, NIST standards, HIPAA, FERPA).
- Hands-on experience with Linux, Windows, and other operating systems for system administration and security tasks.
Qualifications:
A bachelor's degree in Computer Science, Information Technology, or a related field with a focus on cybersecurity is required. A master's degree in Business Administration or a related discipline is highly desirable. Candidates should have 3 to 5 years of experience in information security, with a strong background in firewall management, vulnerability scanning, and intrusion detection technologies. A minimum of three years’ experience in network security, incident response, forensics, and vulnerability assessments is essential. Certifications such as CISM, CISSP, CISA, CGEIT, CRISC, or similar are required, with Security+ as the minimum certification.