Deputy Chief Information Security Officer

The Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) is recruiting a Deputy Chief Information Security Officer (CISO), to serve as the Deputy to the CISA CISO responsible for enabling this mission by strengthening the cybersecurity posture of CISA, while fostering collaborative networks across the federal government and engaging with industry to build a more secure, resilient future. This position is in the DHS Cybersecurity Service. Degrees are not required for jobs in the DHS Cybersecurity Service, but DHS is interested in your level of education and the topics you studied. As you submit initial application information, you will be asked questions about your education.

DHS Cybersecurity Service (DHS-CS) uses a multi-phase assessment process to qualify applicants seeking employment through the DHS-CS. Given the ever-advancing nature of cybersecurity and the ongoing need for cybersecurity talent, DHS-CS uses “Talent Pools” to pull qualified applicants (i.e., individuals who have successfully completed the multi-phase assessment process for their capability and career track/level) for consideration for these jobs.

By applying to this job announcement, you are not just applying for a specific job but are opting to be part of the DHS-CS Talent pool for ongoing consideration for employment in this Technical Capability and will remain eligible for consideration for up to one year from the date of completion.

As Deputy CISO you will report directly to the CISA Chief Information Security Officer (CISO) and manage a range of complex cybersecurity work related to establishing and maintaining a comprehensive Agency-wide information security and risk management program. You will be responsible for the Agency’s security architecture, security operations center, and responsiveness to incidents that may impact business, mission assets, personnel, and networks across CISA’s multi-billion-dollar information technology enterprise.

As a DHS Cybersecurity Service Employee in the Leadership Track, at the Senior Cybersecurity Manager level, you will continually and proactively participate in learning activities to enhance and apply your technical and leadership expertise in either Cybersecurity Defensive Operations – Intelligence Collection & Analysis (ICA), as well as Planning, Execution & Analysis (PEA), Cybersecurity Engineering, or Cybersecurity Architecture to oversee multiple DHS Federal cybersecurity programs, organizations, employees and contract resources to manage a range of unusually difficult tasks, including:

• Leading and/or overseeing teams to design, implement, and evaluate DHS cybersecurity policies, protocols, and programs aimed at enhancing the security of organizational networks and IT systems, including those related to artificial intelligence and other emerging technologies.
• Coordinating across the Department and with White House and interagency bodies to support the development and implementation of national-level cybersecurity policy and strategy, including related to artificial intelligence and other emerging technologies.
• Representing DHS policy positions in interagency and other working groups with other departments and agencies, foreign, state and local governments, the private sector, and academia.
• Reviewing and analyzing new and proposed legislation, strategies, and policy initiatives to assess the impact on DHS operations and existing cybersecurity policies, strategies, and programs.
• Assisting subordinate employees in the application of laws, rules, regulations, executive orders, and current requirements to ensure DHS cybersecurity policies and programs are legally compliant and align to the organization’s mission and goals.
• Supervising and managing staff to conduct formal technical policy reviews of DHS’s cybersecurity programs to determine if policies are current and effective, or if modifications are needed based on evolving security developments or threats.
• Providing leadership and expert policy support to the implementation of new systems, networks, and software designs for potential security risks, as well as resolving integration issues related to the implementation of new systems with the existing infrastructure.
• Directing and overseeing the creation, drafting, interpretation, and dissemination cybersecurity policy guidance to a variety of audiences in the form of briefings, reports, or other written products.
• Providing leadership and senior advisement to the Department’s engagement with Congress or other legislative bodies in order to achieve and maintain the necessary authorities and resources required to meet mission critical priorities.
• Overseeing performance and development of cybersecurity policy personnel as well as serving as a mentor to DHS headquarters and/or Component employees in cybersecurity policy and those seeking to build expertise in the field.
• Proactively coordinating with internal and external DHS stakeholders to share intellectual capital and relevant information in support of the overall success of cybersecurity policies and protocols, ensuring alignment with critical agency priorities.

This position is in the Leadership Track at the Senior Cybersecurity Manager level. At this level, individuals generally:

• Have 12+ years of cybersecurity work experience.
• Have 5+ years of leadership experience
• Are capable of serving as seasoned cybersecurity manager who oversees multiple DHS or Federal cybersecurity programs or DHS organizations, including employees and contract resources, through subordinate managers.

DHS Cybersecurity Service employees with a technical capability in Cybersecurity Defensive Operations will generally:

• Integrate, manage, and execute all aspects of the cyberattack lifecycle to inform cyber defense operations.
• Plan and execute cybersecurity defense operations to protect assets.
• Facilitate the flow and assessment of key intelligence data.
• Determine system security monitoring and incoming intelligence feeds based on dynamic security environment.
• Oversee immediate remediation and containment processes.

DHS Cybersecurity Service employees with a technical capability in Cybersecurity Engineering will generally apply their expertise to:

• Conduct software, hardware, and systems engineering to develop new and refine/enhance existing technical capabilities, ensuring full integration with security objectives, principles, and processes.
• Build practical solutions in full consideration of lifecycle of costs, acquisitions, program and projects, management, and budget.
• Identify engineering requirements for, and ensure interoperability of, internal and external systems.
• Demonstrate strategic risk understanding, considering impact of security breaches or vulnerabilities in every aspect of the engineering process.
• Stay current on emerging technologies, and their applications to current and emerging business processes (e.g., cloud, mobile) to identify and recommend methods for incorporating promising technologies to meet organizational cybersecurity requirements.

DHS Cybersecurity Service employees with a technical capability in Cybersecurity Architecture will generally apply their expertise to:

• Develop system concepts and work on the capabilities phases of the systems development lifecycle.
• Translate technology and environmental conditions (e.g., laws, regulations, policies and technical standards) into system and security designs and processes.
• Provide recommendations for investment standards and policies that drive how controls will be applied across the organization.

DHS Cybersecurity Service employees start at career levels and salaries matching their experience and expertise. In recruiting for this opportunity, DHS may hire employees at higher or lower career levels and associated salaries. To learn more about DHS Cybersecurity Service career tracks and levels, visit our application portal.

This position is focused on Cybersecurity Defensive Operations- Intelligence Collection & Analysis and Planning, Execution & Analysis, Cybersecurity Engineering, or Cybersecurity Architecture.

DHS Cybersecurity Service jobs are structured cybersecurity specializations – called technical capabilities. To learn more about technical capabilities, visit our application portal.