Chief Information Officer (CIO)

Employer: Systems Planning and Analysis, Inc.
Location: Alexandria, VA
Posted: Mar 19, 2019
Closes: Apr 02, 2019
Function: Executive, Chief
Hours: Full Time

The employer provides timely and objective analysis and integrated technical, operational, programmatic, policy, and business solutions in support of important national security objectives.

Directs the development of an effective strategy to assess and mitigate risk (foreign and domestic), manage crises and incidents, maintain continuity of operations, and safeguard organizational data. Develops effective working relationships with other members of the leadership team. Develops strategies and a roadmap in coordination with the senior executive team to provide IT solutions that support SPA business objectives. Keeps a close connection with SPA capability leaders and business development interests to identify trends that drive technological needs of the organization.

Leads and develops the professional excellence of subordinate IT and security staff. Develops staff members' capabilities, defines expectations, conducts performance reviews, certifies qualifications, and hires personnel with necessary skills and experience to contribute to IT and security excellence. Provides opportunities for professional development of the staff by identifying professional growth paths and supporting training and education activities.

Directs and tracks staff action to identify, develop, implement, and maintain IT and traditional security processes, practices, and policies throughout the organization to reduce risks, respond to incidents, and limit exposure and liability in all areas of information and physical risk. Identifies IT security goals, objectives, and metrics consistent with the corporate strategic and annual operating plans. Elevates cybersecurity as a primary corporate metric. Manages the development and implementation of the company's cyber and physical security policy, standards, guidelines, and procedures to ensure the adequacy of ongoing operations, maintenance, and security.
Researches and deploys state-of-the-art technology solutions and innovative cyber security techniques to safeguard the organization's classified and unclassified information (including intellectual property and trade secrets), and to ensure mission resiliency of our IT systems. Establishes appropriate standards and associated risk controls. Develops strategies to improve efficiency and reduce operating costs by consolidating systems, standardizing technologies, and implementing an architecture that scales with the addition of services or users.

Works with our executive team to prioritize cyber and physical security initiatives and spending. Develops information technology investment strategies to improve business processes, security and decision-making. Manages the budget for IT and traditional security operations and makes timely recommendations for changes necessary to effectively manage the risks inherent in SPA's cyber and physical security operations.

Oversees all IT security related operations, staff, and vendors responsible for safeguarding the company's assets, government data, and intellectual property. Oversees compliance activities including external audits, regulatory compliance, and overall information security reviews. Educates the organization about these threats and implements threat protection measures at a global level. Drives corporate culture by designing and executing training plans for education, awareness, and ownership of the company's cyber and physical security.

Contributes to SPA's business development efforts by ensuring all cybersecurity requirements are met in support of proposal development. Develops and sustains external relationships with US government, IT-related professional organizations, and other industry counterparts to stay abreast of relevant developments and best practices.

10+ years of relevant IT experience managing operations, engineering, or Corporate IT teams is required, including IT team or group leadership. Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff. Working knowledge of Microsoft Enterprise environments and IT security architecture. Demonstrated expertise in industrial security in support of all National Industrial Security Program Operating Manual (NISPOM) compliance and other security related responsibilities. Working knowledge of the Defense Security Services (DSS) and Defense Information policies and procedures, the NISPOM Manual, the Industrial Security Field Operations (ISFO) Manual and Risk Management Framework (RMF). Strong background in information technology and information security, including specific experience in operating Secret Internet Protocol Network (SIPRNet) circuits. Strong working knowledge of NIST 800-171 requirements and DFARS compliance. Experience with DoD and NISPOM classified systems requirements. Demonstrated analytical, organizational and management skills.

One or both of these certifications: Certified Information Security Manager (CISM) or Certified Information Professional (CISSP). In lieu of certification, recent successful leadership of an IT organization of similar size and complexity is acceptable. Exceptional client service and communication skills, strong leadership, verbal, written and presentation skills. Top Secret security clearance.