"The CISO will be responsible for leading, implementing and operating the House cybersecurity program, maintaining and updating a comprehensive cybersecurity strategy that ensures the confidentiality, integrity, and availability of the House’s information systems and resources. The CISO role requires a visionary, positive leadership focused individual with sound knowledge of cybersecurity fundamentals for risk management, incident management/response, and offensive engineering."
Maintains responsibility for the overall/comprehensive executive level management in the areas of Information Security.
Acts as a senior advisor to the CAO, the CIO, and various House and legislative branch constituents on issues related to Information Security.
Maintains responsibility for the development, socialization, approval and implementation of security policies.
Appropriately assigns and monitors the progress of special limited-term projects and initiatives from assignment through completion.
Briefs House leadership and officials on information security matters and issues.
Provides appropriate assistance with computer forensics investigations to other House entities.
Implements, manages, and operates systems to control access to House systems and data.
Coordinates Members, Committees, and House Support Office security audits to ensure continued security of the network.
Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
Works with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
Assists with the identification of non-IT managed IT services in use ("citizen IT") and facilitates a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensures that risk is reduced to the appropriate levels and ownership of this information security risk is clear.
Develops and maintains a document framework of continuously up-to-date information security policies, standards and guidelines. Oversees the approval and publication of these information security policies and practices.
Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.
Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas.
On a continuous basis, evaluates overall Information Technology security direction of the House, ensuring that all activities are secure, effective, and efficient.
Develops budget plans for the Information Security office personnel and non-personnel resources.
Ensures 24x7 hour coverage for Information Security office functions.
Provides guidance to staff and supervisors on desired results and planning considerations, monitors progress of assigned projects, and provides additional resources as appropriate.
Read the full job description here.