Chief Information Security Officer

**Join us and make a difference in global investor protection.****Who We Are**The Public Company Accounting Oversight Board (PCAOB), a nonprofit organization established by Congress, oversees the audits of public companies and SEC-registered brokers and dealers to protect investors and to further the public interest in the preparation of independent, accurate, and informative audit reports.Our investor protection mission is focused on modernizing audit standards, enhancing audit inspections, and strengthening enforcement of PCAOB rules and standards and other related laws and rules. People are at the heart of our mission at the PCAOB.As we carry out that mission, we strive to uphold the highest standards in audit quality with investors’ families, savings, and futures in mind.We are hiring mission-driven professionals interested in a career with purpose, competitive benefit offerings, and work-life flexibility. If you are interested in working with a group of talented professionals to protect investors and drive audit quality and innovation while adhering to the highest standards of ethical and professional conduct, join us.**What We Offer**At the PCAOB, we offer a highly competitive compensation and benefits package with a focus on the health and financial well-being of our valued team members. Some of the features of our comprehensive Total Rewards package include:* **Compensation –** We support transparency, equity, and fairness in our compensation programs and provide a reasonable estimate of the salary range, based on data-driven market analysis, for each job posting. While it is not typical for an individual to be hired at or near the top of the range, a reasonable estimate of the salary range for this role in Washington, DC (Headquarters) is $248,100 - $400,000. Team members may also be eligible for performance-based discretionary awards.* **Hybrid work option** – Staff will be assigned to the Washington, DC (Headquarters) office.* **Generous paid time off**– Up to 6 weeks annually, in addition to 12 federal holidays, and 2 floating holidays and a year-end break December 28 – 31, 2026.* **Highly competitive 401(k) matchand savings options** – Immediate vesting and contributions matched dollar for dollar, up to 7 percent of eligible compensation. Roth in-plan conversion available.* **Comprehensive and competitive health benefit offerings** – Medical, dental, and vision plans* **Supportive paid family leave benefits** – Up to 16 weeks paid parental leave and up to 16 weeks paid caregiver leave* **Life insurance benefits** – Basic life and AD&D insurance provided; supplemental insurance also available* **Education benefits** – PCAOB staff qualify for theprogram. We also offer student loan repayment assistance, staff college tuition assistance, and college coach program support.* **Well-being and family resources**– Mental health and well-being resources, paid volunteer time, emergency child/adult dependent back-up care services, family-forming assistance, discounted gym memberships, employee assistance program (EAP), health advocate program, and more* **Commuter benefits** – Tax-free employer subsidy and pretax employee deductions**Position Summary**The PCAOB has a full-time position for a Chief Information Security Officer (CISO) in the Office of Technology (OT). This role will be located at our Washington, DC (Headquarters) office and will report to the Chief Information Officer (CIO).The CISO will participate and contribute as an effective member of the PCAOB leadership team, working closely with and advising the CIO, PCAOB executive leadership, and Board on all matters related to the information security program and cybersecurity operations of the PCAOB. Additionally, he/she will be responsible for the implementation, optimization, and delivery of our comprehensive information security strategy aligning our data and technology standards to the security posture of the PCAOB. The CISO, in collaboration with business leaders, will guide and assist with the development and implementation of a security program, facilitate information security governance, advise the CIO on security direction and resource investments, and design and align appropriate policies with respect to information security. This role will continuously assess and develop the cybersecurity landscape, act as a change agent, and help to lead information security resilience across OT and the PCAOB, protecting all data and technology assets.This role will collaborate and interact with the Chief Risk Officer (CRO) and the Office of Enterprise Risk Management (OERM) on information security risk related topics.**Responsibilities*** Responsible for the strategic leadership, implementation, monitoring, reporting, and continuous improvement of the PCAOB's information security program.* Work with PCAOB leadership, divisions, and offices to oversee and mature the operations of a PCAOB-wide information security organization with a common goal in information security and cybersecurity risk.* Provide leadership and foster collaboration with risk, compliance, and legal teams and business stakeholders to ensure a secure approach to innovation and the application of artificial intelligence (A.I.).* Provide leadership and promote automation for configuration and deployment in support of Security Operations (SecOps); manage institution-wide information security processes by leading OT information security staff to maintain an effective information security program and implement associated priorities.* Lead efforts to continually assess, evaluate, and make recommendations to management regarding the adequacy of the IT general and security controls for the PCAOB and technology systems which requires a proactive, hands-on approach.* Develop, implement, and administer technical cybersecurity standards, as well as the suite of security services and tools, and align to existing PCAOB policies, frameworks, and procedures.* Design and implement a tactical structure to address Security Operations Center (SOC) structures to better enable outage notifications, security risks/threats, or elevation of incidents that occur within the PCAOB environment.* Establish annual and long-range cybersecurity and compliance goals, align with data and technology strategies, create and monitor Key Performance Indicators (KPI), and forge a multi-year information security roadmap.* Proactively identify, assess, and prioritize IT risks to data and systems in coordination with OT portfolio management and OERM including internal/external threats, cyber-crimes, and vendor/third-party risks; partner with OERM or relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.* Lead a technical team to proactively work with business units across the PCAOB to implement practices and ensure implementation of technological controls that meet agreed-on policies and standards for information security.* Lead the development and implementation of effective frameworks, relevant policies, processes, and practices to secure protected and sensitive data in accordance with the PCAOB’s Information Sensitivity Classification ensuring compliance with relevant legislation and legal interpretation.* Collaborate and coordinate with the CRO to identify, evaluate, and report on OERM organizational-level risk reports to the Board in areas such as legal and regulatory, IT, and cybersecurity risk, while supporting and advancing business objectives.* Provide leadership supporting a team to streamline and maintain a modern compliance model for cybersecurity safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.* Conduct and support #J-18808-Ljbffr