Role Purpose
The CISO is responsible for leading the strategic direction and overall governance of information security within the organization. This role develops and implements a comprehensive information security strategy aligned with organizational goals to safeguard the organization’s data, systems, and networks against evolving security threats. The CISO collaborates with executive leadership to ensure that security measures are integrated into business processes, provides guidance on security initiatives, and fosters a culture of security awareness throughout the organization.
Key Responsibilities/Duties
A. Functional:
1. Develop and implement the DCAA's information security strategy in alignment with business goals and objectives. Ensure that security initiatives support the overall strategic direction of DCAA.
2. Establish and maintain comprehensive information security policies and procedures that comply with industry standards, regulations, and legal requirements (e.g., ISO 27001, ISR and other DESC standards). Ensure these policies are effectively communicated across DCAA. Oversee periodic audits and assessments to ensure compliance.
3. Identify, assess, and prioritize information security risks. Develop and implement risk management strategies to address and mitigate these risks effectively, including business continuity and disaster recovery planning.
4. Guide the design and implementation of security architecture and frameworks that safeguard the DCAA’s information systems and data. Ensure these architectures are robust, scalable, and adaptable to emerging threats.
5. Lead the development and execution of incident response plans. Manage the response to major security incidents, including coordination with external parties, forensic analysis, and post-incident reviews.
6. Collaborate with IT, Strategy, Legal, and other key departments to integrate security practices into business processes. Serve as the primary liaison between the information security team and other business units.
7. Develop and implement organization-wide security training programs. Promote a culture of security awareness by educating employees about security policies, best practices, and emerging threats.
8. Oversee the implementation of continuous monitoring systems to assess and report on the DCAA’s security posture. Provide regular updates to executive management (DG), directors, business unit heads, and other key stakeholders on security metrics and incident status.
9. Stay informed about the latest trends, threats, and technologies in the information security field. Drive innovation in security practices and technologies to continuously improve DCAA’s security posture.
10. Evaluate and manage the security risks associated with third-party vendors and partners. Ensure that third-party services meet security standards and contractual obligations.
11. Ensure the efficient allocation of resources to support security initiatives and projects. Ensure that security investments align with organizational priorities and deliver value.
12. Establish security governance committees or working groups. Facilitate the review of security policies, risk assessments, and incident reports at a senior level. Contribute to the development of long-term security strategies.
13. Act as the primary point of contact for regulatory agencies and external auditors regarding information security matters. Ensure timely and accurate responses to regulatory inquiries and audits.
14. Participate in organizational crisis management planning and execution. Provide expert advice during security-related crises and high-impact incidents.
15. Develop and track key performance indicators (KPIs) and metrics to measure the effectiveness of security programs and initiatives. Use this data to drive continuous improvement. Report periodic progress to management and support business decision-making.
16. Ensure that all information security practices adhere to ethical standards and legal requirements. Promote a culture of integrity and accountability within the information security function.
17. Ensure compliance with non-disclosure and confidentiality agreements, as well as DCAA security policies, to safeguard both government and DCAA confidential information. Address and rectify any ISR audit findings, promptly report security incidents, and engage in ongoing security awareness training to prevent unauthorized access or disclosure.
18. Other duties: Perform other job-related duties as may be assigned from time to time by the Head of HR Policies and Development Section.
B. Managerial:
1. Allocates/coordinates work within the team/project and/or contributes to technical/professional direction for a discipline.