The Office of the Chief Administrative Officer (CAO) provides operations support services and business solutions to the community of 10,000 House Members, Officers and staff. The CAO organization comprises more than 650 technical and administrative staff working in a variety of areas, including information technology, finance, budget management, human resources, payroll, child care, food and vending, procurement, logistics and administrative counsel.
The CISO will be responsible for leading, implementing and operating the House cybersecurity program, maintaining and updating a comprehensive cybersecurity strategy that ensures the confidentiality, integrity, and availability of the House’s information systems and resources. The CISO role requires a visionary, positive leadership focused individual with sound knowledge of cybersecurity fundamentals for risk management, incident management/response, and offensive engineering.
The ideal candidate is a thought leader, a consensus builder and builder of bridges between the cybersecurity office, its policies and strategy with the members, committees and leadership offices at the House, as well as with the other legislative branch agencies and oversight committees. The CISO must be able to translate complex technical concepts to non-technical audiences and to succinctly categorize and rank risk at higher and higher levels of leadership at the House. Finally, the CISO must be customer oriented, communicating the value of security to the organization to protect its reputational and data integrity.
The position has day-to-day supervisory/managerial responsibilities.
• Maintains responsibility for the overall/comprehensive executive level management in the areas of Information Security.
• Acts as a senior advisor to the CAO, the CIO, and various House and legislative branch constituents on issues related to Information Security.
• Maintains responsibility for the development, socialization, approval and implementation of security policies.
• Appropriately assigns and monitors the progress of special limited-term projects and initiatives from assignment through completion.
• Briefs House leadership and officials on information security matters and issues.
• Provides appropriate assistance with computer forensics investigations to other House entities.
• Implements, manages, and operates systems to control access to House systems and data.
• Coordinates Members, Committees, and House Support Office security audits to ensure continued security of the network.
• Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management
• Works with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations
• Assists with the identification of non-IT managed IT services in use ("citizen IT") and facilitates a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensures that risk is reduced to the appropriate levels and ownership of this information security risk is clear
• Develops and maintains a document framework of continuously up-to-date information security policies, standards and guidelines. Oversees the approval and publication of these information security policies and practices
• Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies
• Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
• Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
• On a continuous basis, evaluates overall Information Technology security direction of the House, ensuring that all activities are secure, effective, and efficient.
• Develops budget plans for the Information Security office personnel and non-personnel resources
• Ensures 24x7 hour coverage for Information Security office functions.
• Provides guidance to staff and supervisors on desired results and planning considerations, monitors progress of assigned projects, and provides additional resources as appropriate.
• Performs other official duties and special projects as assigned.