Deputy Chief Information Security Officer

Information about the organization

The United States Holocaust Memorial Museum is a federally chartered, nonpartisan institution that was created by the US Congress to serve as America’s national memorial to the victims of the Holocaust and an educational institution dedicated to the history and lessons of the Holocaust. The Museum seeks to educate Americans from all 50 states and all walks of life as well as international audiences. The Museum has three areas of expertise: Holocaust remembrance, Holocaust scholarship and education, and genocide prevention.

In carrying out its important memorial and educational mission, the Museum is guided by its institutional values for our workplace: Honor the memory of the victims; carry out our work with dignity, humility, integrity and respect for others; and strive for excellence through teamwork, rigor, and a culture of continuous learning. Consistent respect for others is the foundation for trust, collegiality and inclusion.

 Information about the role

The Office of Information Technology reports to the Chief Financial Officer and exists to provide technology services and solutions to the staff of the Museum. We also play a key role in driving business transformation across the organization so that we can operate more effectively and our staff can spend more of their time on supporting our mission.

The Office of the Chief Information Officer directly oversees and ensures that the technology components of the Museum are connected in a seamless and well-integrated manner, manages Information Security, quality assurance and the protection of digital information, management of institutional projects for the establishment of improved information dissemination, professional project practices and manages the financial and procurement of hardware and software for the Institution.

The primary purpose of the position is to serve as the Deputy Chief Information Security Officer (D/CISO) with responsibility for planning, design, development, and deployment of security tools and strategies to protect the Museum’s information, systems and services from malicious intent, both internal and external.

This is a full-time donated position (non-Federal) paid with the Museum’s private funds. Salary is commensurate with experience.

This position is located in Washington, DC and is hybrid telework eligible, within the local commuting area of the Museum worksite.

Duties, and Responsibilities for the role

• Designs, implements, manages, and maintains an IT security program and strategy that protects the United States Holocaust Memorial Museum (USHMM) IT systems and data against unauthorized use, modification, inaccessibility, and loss.
• Fosters collaboration by working in partnership with, among others, program offices, auditors, international partners and governmental partners, to develop, maintain, promulgate, and implement security policies, guidelines, tools, and services consistent with industry-leading security practices.
• Administers the Museum’s security incident response program to include investments in preventative, detective, and corrective technical controls, and advanced IT security capabilities.
• Promotes IT security across the systems development life cycle by providing a broad range of advisory services on IT security-related issues, including research into new technologies and the security implications of their use; collaboration with program offices to include security controls early on and across the system development life cycle.
• Enables fact-based decision-making and recommendations about security investments by synthesizing information from multiple sources and making recommendations.
• Oversees the delivery of existing services, such IT security testing and assessment, and introduces new services that aid in prioritization and the creation of IT security roadmaps.
• Promotes a security-awareness culture through an understanding and communication of national policies, development of security awareness materials, conference participation, creation of monthly newsletters, and maintenance of an informative intranet site. Ensures the IT security program aligns with the Museum’s overall strategic goals.
• Develops and executes budget plans and reallocates resources as needed.
• Advises the Museum’s Executive Team and Council regarding IT security technology.
• Maintains relationships with external entities, such as the U.S. Cybersecurity Infrastructure Security Agency, the National Institute of Standards and Technology (NIST), and the U.S. Office of Management and Budget to enhance the Museum’s IT security program and, where applicable, align Museum security practices to government directives.
• Develops IT security standards that prevent misuse and unauthorized access to Museum data for all Museum procurements.
• Leads the Museum’s development, security and operations (DevSecOps) program.
• Serves as a contracting officer’s representative (COR) to oversee and manage contracts supporting information technology projects. Prepares statements of work relative for upcoming network installations and general preparations for installations.
• Supervises Museum staff possessing technical expertise in varied disciplines who are engaged in a diversity of projects.
• Anticipates, identifies, evaluates, mitigates and minimizes risks associated with IT systems vulnerabilities. Reviews proposed new systems, networks, and software designs for potential security risks. Resolves integration issues related to the implementation of new systems with the existing infrastructure.
• Other duties as assigned.

Minimum Qualifications for the role

• Professional security management certification such as Certified Information Security Manager (CISM) or Certified Information System Security Professional (CISSP).
• 8+ years of experience in a combination of risk management, Information Security and IT roles.
• Experience with Identity and Access Management (IAM) policies and technologies.
• Experience with IT Security Incident Response and Disaster Recovery planning
• Experience with IT Security audits, assessments and cyber forensics
• Knowledge of common Information Security management frameworks, such as International Standards Organization 27001, the NIST Cybersecurity Framework, and FedRamp.
• Familiarity with Zero Trust Architecture principles.
• Hands-on or practical experience using Extended Detection and Response, Network Detection and Response, Web Application Firewalls, and Network Traffic Analysis.
• Specific experience in a DevSecOps environment or other best-in-class development practices.
• Experience with cloud computing and elastic computing across virtualized environments.
• Experience with contract and vendor negotiations and management, including managed services.
• Proven ability to lead and motivate cross-functional, interdisciplinary teams.
• Experience managing security teams with varied technical skill sets.
• Excellent written and verbal communication skills.

Preferred Qualifications for the role

• Expertise with
  • Identity and Access Management (IAM)
  • IT Security Incident Response
  • IT Security Audits and Assessments

The application deadline for this opportunity is March 17, 2024.

The Museum is committed to cultivating and maintaining a culture of diversity, equity, accessibility and inclusion (DEAI).