Mathematica applies expertise at the intersection of data, methods, policy, and practice to improve well-being around the world. We collaborate closely with public- and private-sector partners to translate big questions into deep insights that improve programs, refine strategies, and enhance understanding. Our work yields actionable information to guide decisions in wide-ranging policy areas, from health, education, early childhood, and family support to nutrition, employment, disability, and international development.

We are looking for a Chief Information Security Officer (CISO) to join our IT Services team in the Washington, DC office. You will work remotely for the time being due to the pandemic. This VP-level position will establish and maintain our corporate-wide information security management program to ensure that information assets are adequately protected. This person will work closely with executive management to determine acceptable levels of risk for the organization.
At Mathematica, we take pride in our commitment to diversity. Building an inclusive culture that draws on the individual strengths of employees from different ethnic backgrounds, cultures, lifestyles, abilities, and experience is key to our success.

Responsibilities:
- Participate and contribute as an effective member of the leadership team, working closely with the Chief Information Officer.
- Understand and interact with related disciplines through teams and work groups to ensure the consistent application of policies and standards across all technology projects, systems and services.
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget.
- Provide thought leadership in client and corporate security, privacy, risk, and compliance strategy and execution.
- Create a governance structure around data security, privacy and ethical use that includes policy, procedures, and learning content.
- Cultivate a culture of security through the creation of an effective learning program, communications, and organizational readiness efforts.
- Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
- Responsible for company incident response and investigations.
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
- Work directly with the business units to facilitate risk assessment and risk management processes.
- Responsible for leading and executing internal and external audit and compliance programs.
- Develop, manage and coach a team of security professionals.
- Manage the deployment of team members to client projects.
- Provide client-facing leadership in the delivery of data compliance and security services.

Position Requirements:
- Bachelor’s Degree in Business Administration or a technology-related field.
- Professional security management certification(s).
- Have a minimum of ten years of experience in a combination of risk management, information security and IT jobs.
- Experience with contract and vendor negotiations and management including managed services.
- Excellent written and verbal communications for internal and external audiences.
- Specific experience in Agile (scaled) software development or other best-in-class development practices.
- Experience with Cloud computing/Elastic computing across virtualized environments.
- Working knowledge of Data Loss Prevention (DLP) programs and best practices, including expertise securing large, unstructured, and rapidly evolving data sets.
- Working knowledge of security architectures and compliance best practices.
- Understanding security, compliance and privacy requirements for federal and state government agencies.
- Familiarity with federal security regulations and standards (e.g. HIPAA, FISMA, FIPS, and FedRAMP), as well as experience with state-specific privacy regulations.
- Strong knowledge of common information security management frameworks, such as NIST and ISO/IEC 27001.
- A combination of equivalent education and work experience may be substituted for the above requirements.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Must be able to pass a background check.
We offer our employees a stimulating, team-oriented work environment, competitive salaries, and a comprehensive benefits package, as well as the advantages of employee ownership. We provide generous paid time off. Visit our web site at www.mathematica.org. Various federal agencies with whom we contract require that staff successfully undergo a background investigation or security clearance as a condition of working on the project. If you are assigned to such a project, you will be required to obtain the requisite security clearance. To apply, please submit cover letter, resume, and salary requirements via our online employment website.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.