Information Security Officer
Description
The Public Company Accounting Oversight Board is a nonprofit corporation established by Congress to protect investors and the public interest by promoting informative, accurate, and independent audit reports and to oversee the audits of public companies and broker-dealers.
The PCAOB has a full-time, regular position for an Information Security Officer (ISO) in the Office of Information Technology at its Washington, DC office. The ISO reports to the Director of the Office of Information Technology (OIT) and is a member of the OIT leadership team. As the Information Security Officer, you will be responsible for the overall information risk management and cyber-security needs of the PCAOB. Additionally, you will be responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the PCAOB. The ISO, in collaboration with business leaders, guides the development and implementation of a security program, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs appropriate policies to manage information security risk.
- Responsible for the strategic leadership of the PCAOB's information security program.
- Provide guidance and counsel to the Director of OIT and key members of the OIT leadership team, working closely with senior business stakeholders, and the PCAOB community in defining objectives for information security, while building relationships and goodwill.
- Work with PCAOB leadership to oversee the formation and operations of a PCAOB-wide information security organization that is organized toward a common goal in information security.
- Promote collaborative, empowered working environments across departments, removing barriers and realizing possibilities.
- Manage institution-wide information security governance processes and lead the Information Security Staff in the building of an information security program and project priorities.
- Lead information security planning processes to establish a business-aligned, risk-based, threat-aware comprehensive information security program for the entire PCAOB.
- Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
- Stay abreast of information security issues and regulatory changes affecting the PCAOB at the national and international level. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Provide leadership philosophy for the Information Security Staff to create a strong bridge between departments, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the PCAOB.
- Mentor the Information Security team members and implement professional development plans for all members of the team.
- Lead the development and implementation of effective policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the PCAOB and technology systems.
- Work with PCAOB leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the PCAOB to effectively address federal statutory and regulatory requirements.
- Create education and awareness programs and advise PCAOB business units at all levels on security issues, best practices, and vulnerabilities.
- Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or when requested, to address and investigate security incidents that arise.
- Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on the PCAOB's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
- Advanced degree in Computer Science, Information Technology or Cyber Security, or equivalent experience preferred.
- CISM, CISSP, CRISC or other relevant certification preferred.
- 10+ years of leadership experience in Cyber and Information Security.
- Experience with risk assessment and risk mitigation, compliance with regulations on security and privacy.
- Hands-on experience implementing NIST, ISO, SOX, PCI or other frameworks.
- Experience in planning, organizing, and developing IT security system technologies.
- Demonstrable expertise in developing and implementing security policies and standards.
- Excellent knowledge of technology environments, including information security, cybersecurity, and defense-in-depth solutions.
- Strong leadership and people management abilities.
- Strong attention to detail.
- Excellent interpersonal skills and professional demeanor.
- Excellent verbal and written communication skills.
- Excellent customer service skills.