Chief Information Security Officer
Pacific Northwest National Laboratory - Richland, WA

Organization and Job ID

Job ID:
302132

Directorate:
Office of Chief Information Officer
Job Description
At Pacific Northwest National Laboratory, our mission is to transform the world through courageous discovery and innovation. Our vision: PNNL science and technology inspires and enables the world to live prosperously, safely, and securely. Our values of integrity, creativity, collaboration, impact and courage provide the foundation for all we do. PNNL advances the fundamental understanding of complex computational, chemical, physical and biological systems and provides science-based solutions to some of the nation's most pressing challenges in national security, energy and the environment. We accomplish this mission through the outstanding research and development activities of our staff, excellence in operations and high-value partnerships.

PNNL is based in Richland, Washington, does approximately $1.1B in business volume and has 4,700 employees. Battelle, a global science and technology enterprise headquartered in Columbus, Ohio, manages the laboratory for the U.S. Department of Energy.
The Role
We are looking for a results-driven visionary with a proven track record of leading information security teams to provide sleek, impactful business solutions that effectively address information security risks while supporting established business workflows.

The right candidate will be an exceptional leader and communicator, thrive on developing strong partnerships with PNNL's world-class cyber security research capabilities, and have a proven track record in the development of industry-leading cyber security teams.
The Chief Information Security Officer (CISO) will be accountable for all aspects of classified and unclassified cyber security at PNNL, establishing and maintaining a comprehensive information security program to ensure that all laboratory information assets are adequately protected against current/future internal/external threats. The position is responsible for identifying, evaluating, reporting and planning mitigation of cyber security risks in a manner that meets compliance and regulatory requirements and that aligns with and supports the desired risk posture of the Laboratory. The CISO proactively works with business units to implement practices and technologies that meet PNNL policies and standards for cyber security defined by the program.
The CISO serves as the process owner of all ongoing activities related to the confidentiality, integrity and availability of PNNL, customer and business partner information resources, in compliance with Battelle policies and legal and contractual requirements. A key element of the CISO's role is working with executive management from PNNL and the Department of Energy (DOE) to determine acceptable and achievable levels of risk for the organization. Consequently, the CISO position requires a visionary leader who is highly knowledgeable about the business environment, the threat landscape, and cyber security architecture, technology and operations. Additional elements of this role include developing strong partnerships with our internal cyber security R&D teams as well as outreach to entities external to PNNL.
Responsibilities
-- Manage PNNL's cyber security organization, consisting of direct reports and indirect reports (such as individuals in classified and unclassified IT operations), including hiring, training, staff development, performance management and annual performance review.
-- Establish, implement and monitor a strategic, comprehensive risk management program to ensure the confidentiality, integrity and availability of information resources owned, operated or otherwise stewarded by PNNL.
-- Develop and continually enhance processes for risk assessment, control selection, system authorization, continuous monitoring, threat and vulnerability management, incident response, and related cyber risk management functions as necessary.
-- Develop and maintain cyber security architecture to achieve the desired level of residual risk with the least impact on research productivity and the greatest efficiency of cyber security operations. Partner with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
-- Create, communicate and implement a risk-driven process for cyber security investment decision making.
-- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
-- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event, and provide direction, support and in-house consulting in these areas.
-- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
Minimum Requirements

Education:
Bachelor's degree in computer science, computer engineering, management information systems, systems analysis, or a related field of study is required.

An MBA is highly desired.

Experience:
Minimum of 15 years of experience in a combination of risk management, information security and IT jobs, at least five of which must be in a senior leadership role.

Clearance:
Ability to obtain a clearance (which requires US citizenship, drug testing and background investigations).
Qualifications

Certifications:
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is highly desired.

Education and experience should demonstrate:
-- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
-- Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment.
-- Knowledge of common information security management frameworks, such as ISO 27001, ITIL, COBIT. Working knowledge of NIST and CNSS 1253 is highly desired.
-- Knowledge and understanding of relevant legal and regulatory requirements, such as OMB A-123, Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry/Data Security Standard.
-- Project management skills; financial/budget management, scheduling and resource management.
Equal Employment Opportunity
Pacific Northwest National Laboratory (PNNL) is an Affirmative Action / Equal Opportunity Employer and supports diversity in the workplace.

All employment decisions are made without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital or family status, sexual orientation, gender identity, or genetic information.

All staff at the Pacific Northwest National Laboratory must be able to demonstrate the legal right to work in the United States.