Chief Information Security Officer

Working from home
Sep 10, 2023
Oct 10, 2023
Full Time
Chemonics International is seeking a Chief Information Security Officer within the Global Technology Infrastructure Division. The Chief Information Security Officer (CISO) is responsible for implementing and running the enterprise information security and service management programs. The CISO is responsible for establishing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected. They are also responsible for establishing and running the information security service management program, working on business proposals and hiring contractors as needed to support the business projects. The CISO will work with executive management to determine acceptable levels of risk for the organization and proactively work with others to implement practices that meet agreed-on policies and standards for information security. They will be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. The CISO will serve as a thought leader, a builder of consensus and of bridges between business and technology. They will coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for Chemonics to deliver on its business goals and objectives. Additionally, the CISO will report directly to the CIO. We are looking for individuals who have a passion for making a difference in the lives of people around the world.

Principal Duties and Responsibilities (Essential Functions):

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  • Creates, manages, and leads the company's information security structure (hiring staff as needed in areas where coverage is missing)
  • Implements Chemonics' information security vision, strategy, and three-year roadmap that is aligned to Chemonics' business and IT strategies, enables Chemonics' business objectives, and ensures senior stakeholder buy-in and mandate
  • Delivers and monitors Chemonics' strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by Chemonics
  • Ensures that the cybersecurity requirements necessary to protect the organization's mission and business processes are adequately addressed in all aspects of enterprise architecture
  • Provides information security direction, guidance and support as needed in the realization of business contracts
  • Works to ensure that information security requirements are included in contracts by liaising with compliance and procurement departments
  • Provides regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders, and the board
  • Facilitates an enterprise information security governance structure including enterprise rules and standards for interoperability between Corporate and the local business offices
  • Develops, socializes and coordinates approval and implementation of security policies
  • Directs the creation of a targeted information security awareness training program and establishes metrics to measure the effectiveness of this security training program for the different audiences
  • Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls
  • Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals
  • Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas
  • Manages the budget for the information security function, monitoring and reporting discrepancies
  • Manages the information security team cost-efficiently
  • Works effectively with business units to facilitate information security risk assessment and risk management processes, and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite
  • Develops and enhances an up-to-date information security management framework
  • Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations
  • Develops and maintains a document framework of continuously up-to-date information security policies, standards and guidelines. Oversees the approval and publication of these information security policies and practices
  • Creates a framework for roles and responsibilities about information ownership, classification, accountability and protection of information assets
  • Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security, and reviews it with stakeholders at the executive and board levels
  • Provides input for the IT section of the company's code of conduct
  • Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required
  • Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks
  • Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies
  • Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
  • Works with other compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
  • Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable
  • Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
  • Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines
  • Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
  • Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action
  • Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management
  • Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
  • Facilitates and supports the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem


To perform this job successfully, an individual must be able to perform each essential duty and responsibility satisfactorily. The qualifications listed below are representative of the required knowledge, skills, and/or abilities needed to perform the principal duties.
  • Past experience implementing cybersecurity in network security, endpoint protection, cloud security, and AD/access management is required
  • Expert-level understanding of Microsoft security solutions
  • Prior experience working for a US government contractor is a plus
  • Expert in data security, including strong knowledge of encryption, data labeling and marking (rights controls), and data sensitivity
  • More than 15 years of relevant experience, including five years in a leadership role
  • Demonstrated leadership, versatility and integrity
  • Managed multiple direct reports and teams, multiple projects and/or a portfolio of projects
  • Established key elements of tactical and operational plans, with a focus on short- to mid-term operational plans (1-3 years)
  • Demonstrated broad management knowledge to lead project teams in one department
  • Demonstrates master-level knowledge and skills in information security
  • Developed budgets, schedules and performance requirements
  • Demonstrated experience and success in leadership roles in risk management, information security, and information technology security
  • Degree in a technology-related field
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials preferred
  • Knowledge and understanding of relevant cybersecurity legal and regulatory requirements, such as GDPR and Health Insurance Portability and Accountability Act (HIPAA)
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST, including SP 800-53 and the Cybersecurity Framework
  • Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
  • Experience with contract and vendor negotiations
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists
  • Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams
  • Excellent stakeholder management skills
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • Project management skills including financial/budget management, scheduling and resource management
  • A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
  • A critical thinker, with strong problem-solving skills
  • Excellent writing skills and strong experience writing information security documents and reports
  • Strong problem-solving and trouble-shooting skills
  • Self-motivated and possessing a high sense of urgency and personal integrity
  • Excellent communication skills and strong experience facilitating events or training

Physical Requirements:
  • Regular attendance and availability during normal Chemonics Washington business hours are required
  • Ability to work in a normal office environment
  • Occasionally lift and/or move up to 25 pounds

Work Conditions:
  • Normal office environment; usually moderate noise level
  • Occasional exposure to environmental conditions, including hot, cold, wet, humid, or windy weather
  • Ability to travel and work abroad in less developed countries for at least 4 to 8 weeks a year

Candidates are encouraged to apply as soon as possible. No telephone inquiries please. Finalists will be contacted.

Equal Employment Opportunity

Chemonics is an equal opportunity/Affirmative Action employer and does not discriminate in its selection and employment practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, political affiliation, sexual orientation, gender identity, marital status, disability, protected veteran status, genetic information, age, or other legally protected characteristics. Military veterans, AmeriCorps, Peace Corps, and other national service alumni are encouraged to apply.

Pay Transparency Nondiscrimination Provision
Chemonics will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by Chemonics, or (c) consistent with Chemonics legal duty to furnish information. 41 CFR 60-1.35(c)

The Salary Range for this position is expected to be: $155,850 - $194,810.

An employee's pay position will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, seniority, performance, shift, travel requirements, and business or organizational needs.

Overtime exemption status may change due to state regulatory requirements.

We offer a comprehensive package of benefits including paid time off, medical/dental/vision insurance, ESOP, 401(k), and other benefits to eligible US-based employees. Please visit to find out more about the benefits this position is eligible for.