Chief Information Security Officer

About The Position

Requirements

• Bachelor’s degree or equivalent experience in information technology, engineering, computer science, cybersecurity, or related field.
• Minimum of 15+ years experience in cybersecurity with 5+ years in progressive leadership roles.
• Minimum of 7+ years experience directly supporting reference architectures around Microsoft Technology environments.
• Minimum of 5+ years Agile experience managing Scrum/Kanban teams and Agile methodologies/ceremonies.
• Minimum of 5+ years experience with cloud computing/elastic computing across virtualized environments.
• Working knowledge of Data Loss Prevention (DLP) programs and best practices, including expertise in securing large, unstructured, and rapidly evolving data sets.
• Hands-on experience implementing NIST, ISO, SOX, PCI, or other frameworks.
• Working knowledge of security architectures and compliance best practices with Microsoft Azure, Cloud Access Security Brokers (CASB), and Zero-trust environments.
• Experience with contract and vendor negotiations and management including managed services.
• Experience in planning, organizing, and developing IT security system technologies.
• Ability to explain information security, cyber security, and data privacy issues and programs to non-technical and non-expert audiences.
• Proven ability to develop, coach, and mentor staff, providing constant feedback and clear direction.
• Proven record of strategic planning, functional transformation experience, and conflict management.
• A self-starter able to administer several open, ongoing assignments at any one time, where some assignments are routinely unstructured, requiring autonomy and independent judgment.
• In-depth experience successfully harmonizing diverse and competing interests.
• Ability to clearly articulate a position with sound logic, supporting empirical evidence, and impartiality.
• Ability to effectively represent the organization to a variety of both internal and external constituencies, deconstruct complex challenges, and translate business needs into technology solutions.
• Occasional travel to the PCAOB’s regional offices.
• Superior verbal and written communication skills.
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.

Nice To Haves

• CISM, CISSP, CRISC or other relevant certification.
• Leadership/Management Skills and Abilities
• Ability to work in matrixed environments
• Ability to work in Agile operating frameworks
• Ability to flourish in environments of change to advance continuous improvement
• Ability to drive a positive “tone at the top” of the organization and hold others accountable for doing the same.
• Ensures that own behavior and the behavior of others is consistent with the highest ethical standards and aligns with the values of the organization.
• Must be able to motivate and inspire employees at all levels of the organization in order to enhance team commitment and individual performance.
• Proven ability to develop, coach, and mentor staff, providing constant feedback and clear direction.
• Ability to promote collaboration by unifying teams, setting common goals and incentivizing collaborative behavior.
• Demonstrated success in establishing and maintaining positive working relationships with others, both internally and externally, to achieve the goals of the organization.
• Strong ability to build credibility, organize effectively, solve problems quickly and communicate clearly.
• Possesses the balance and emotional intelligence required to meet the diverse needs of the divisions/offices.
• Proven ability to navigate and resolve various types of conflict in a timely and productive manner.

Responsibilities

• Responsible for the strategic leadership, implementation, monitoring, reporting, and continuous improvement of the PCAOB's information security program.
• Work with PCAOB leadership, divisions, and offices to oversee and mature the operations of a PCAOB-wide information security organization with a common goal in information security and cybersecurity risk.
• Provide leadership and foster collaboration with risk, compliance, and legal teams and business stakeholders to ensure a secure approach to innovation and the application of artificial intelligence (A.I.).
• Provide leadership and promote automation for configuration and deployment in support of Security Operations (SecOps); manage institution-wide information security processes by leading OT information security staff to maintain an effective information security program and implement associated priorities.
• Lead efforts to continually assess, evaluate, and make recommendations to management regarding the adequacy of the IT general and security controls for the PCAOB and technology systems which requires a proactive, hands-on approach.
• Develop, implement, and administer technical cybersecurity standards, as well as the suite of security services and tools, and align to existing PCAOB policies, frameworks, and procedures.
• Design and implement a tactical structure to address Security Operations Center (SOC) structures to better enable outage notifications, security risks/threats, or elevation of incidents that occur within the PCAOB environment.
• Establish annual and long-range cybersecurity and compliance goals, align with data and technology strategies, create and monitor Key Performance Indicators (KPI), and forge a multi-year information security roadmap.
• Proactively identify, assess, and prioritize IT risks to data and systems in coordination with OT portfolio management and OERM including internal/external threats, cyber-crimes, and vendor/third-party risks; partner with OERM or relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
• Lead a technical team to proactively work with business units across the PCAOB to implement practices and ensure implementation of technological controls that meet agreed-on policies and standards for information security.
• Lead the development and implementation of effective frameworks, relevant policies, processes, and practices to secure protected and sensitive data in accordance with the PCAOB’s Information Sensitivity Classification ensuring compliance with relevant legislation and legal interpretation.
• Collaborate and coordinate with the CRO to identify, evaluate, and report on OERM organizational-level risk reports to the Board in areas such as legal and regulatory, IT, and cybersecurity risk, while supporting and advancing business objectives.
• Provide leadership supporting a team to streamline and maintain a modern compliance model for cybersecurity safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
• Conduct and support regular internal and external security assessments, tabletop exercises, penetration tests, playbook development, and red/purple team exercises to proactively test the effectiveness of security controls including OT Security Program Assessments and corrective action plans.
• Keep abreast of security incidents and act as primary control point during significant information security incidents; convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidences that arise. This may require availability off hours, as applicable.
• Mature education and awareness programs and advise PCAOB leadership at all levels on security issues, best practices, and vulnerabilities.
• Examine impacts of new technologies on the PCAOB's overall information security; establish processes to review implementation of new technologies to ensure security compliance.
• Perform the full range of supervisory duties, including resource allocation plans, evaluating employee performance; making recommendations for appointment and promotion; hearing and resolving complaints; identifying development and training needs of employees; other related supervisory tasks.
• Other duties as assigned.

Benefits

• Compensation – We support transparency, equity, and fairness in our compensation programs and provide a reasonable estimate of the salary range, based on data-driven market analysis, for each job posting. While it is not typical for an individual to be hired at or near the top of the range, a reasonable estimate of the salary range for this role in Washington, DC (Headquarters) is $248,100/year - $400,000/year. Team members may also be eligible for performance-based discretionary awards.
• Hybrid work option – Staff will be assigned to the Washington, DC (Headquarters) office.
• Generous paid time off – Up to 6 weeks annually, in addition to 12 federal holidays, and 2 floating holidays and a year-end break December 28 – 31, 2026.
• Highly competitive 401(k) match and savings options – Immediate vesting and contributions matched dollar for dollar, up to 7 percent of eligible compensation. Roth in-plan conversion available.
• Comprehensive and competitive health benefit offerings – Medical, dental, and vision plans
• Supportive paid family leave benefits – Up to 16 weeks paid parental leave and up to 16 weeks paid caregiver leave
• Life insurance benefits – Basic life and AD&D insurance provided; supplemental insurance also available
• Education benefits – PCAOB staff qualify for the Public Service Loan Forgiveness (PSLF) program. We also offer student loan repayment assistance, staff college tuition assistance, and college coach program support.
• Well-being and family resources – Mental health and well-being resources, paid volunteer time, emergency child/adult dependent back-up care services, family-forming assistance, discounted gym memberships, employee assistance program (EAP), health advocate program, and more
• Commuter benefits – Tax-free employer subsidy and pretax employee deductions