Senior Director, Cybersecurity Advisory Services Program - Remote

The Senior Director, Cybersecurity Advisory Services will serve in a key leadership role within the OSS senior management team and will oversee the cybersecurity advisory services program for state, local, tribal, and territorial (SLTT) members and cyber underserved organizations. Cybersecurity advisory services provides relevant, trusted, and practical advice, training, coaching, and tools to help them mature their cybersecurity program and reduce risk to their organization.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry leading best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.

Provide leadership, vision, and direction for staff within the cybersecurity advisory program
• Oversee the cybersecurity advisory services program budget, prepare budget reports, monitor expenditures, and make recommendations to executive leadership
• Perform advisory consultations with MS- and EI-ISAC members and cyber underserved organizations on a variety of cybersecurity and privacy programmatic, strategy, and technical topics. These consultations may occur virtually via phone or video conference or in some circumstances, travel may be required to do an onsite consultation
• Develops and maintains a knowledge management system to catalog target audience requirements and priorities, resources, and materials developed during SLTT and cyber underserved advisory consultations and other engagements.
• Identify feasible options and develops and maintains programs that efficiently and effectively provide relevant, trusted, and practical advice, training, coaching, and tools to help mature cybersecurity programs and reduce risk to SLTT and cyber underserved organizations
• As appropriate develop and execute education or training courses or workshops or coaching programs.
• Collaborate frequently with other OSS leaders, the CIS Services Program Office, CIS staff, CISA, and the MS- and EI-ISAC membership and executive committees to stay aware of products, services, threats, risks, opportunities, and needs. Use information obtained through this collaboration to inform advisory services
• Stay current on cybersecurity threats, vulnerabilities, technologies, techniques, and best practices. Be an expert on MS- and EI-ISAC, CIS Services, and CIS security best practices products and services and understand how to assist an SLTT with implementing them
• Manage the workflow and pipeline of requests for advisory services and develop a framework to triage and prioritize requests for assistance
• This role is a member-facing position that requires a high level of Executive presence and ability to build trust and deliver value. In addition, this role requires communication, diplomacy, coaching and presentation skills
• Other tasks and responsibilities as assigned

• Bachelor's degree in information technology, business or a related field*
• 10+ years' experience in cybersecurity
• 5+ years' experience leading, supervising, coaching, and providing strategic direction to teams and/or individuals
• Extensive experience running security programs and/or practice areas as a chief information security officer (CISO), security practice group leader, or other equivalent role
• Experience and expertise with modern information security programs including:
  • Assessing organizational strategy and risk
  • Developing security strategy and roadmaps aligned to organizational strategy and risk
  • Building security teams and capabilities
  • Implementing key security solutions including SIEM, identity & access management, threat and vulnerability management, forensics, endpoint security, network security, etc.
  • Creating security metrics and reporting mechanisms
  • Cyber incident response, security operations, and vulnerability management
• Excellent client-facing and internal communication skills
• Strong business acumen and ability to understand and drive mission objectives
• Solid organizational skills including attention to detail and multi-tasking skills
• Strong presentation capabilities
• Candidate must be eligible to obtain and keep active a Top Secret / Special Compartmentalized Information (SCI) National Security Clearance
• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions*
• Must be authorized to work in the United States

It's a plus if you have:

• Experience as CISO (or equivalent role) of a state or major jurisdiction with oversight of or the responsibility to coordinate cybersecurity improvements of subordinate government or agency security programs
• Experience developing and delivering cybersecurity education and training at strategic, operational, or tactical levels
• Advanced degree in Cybersecurity, Computer Science, Business or related field
• Strong track record in problem evaluation and solution development in the SLTT community.
• 5+ years as a senior or executive leader overseeing cybersecurity operations
• Experience working with federal, state, and local government
• Experience leading geographically distributed teams

*Additional years of relevant experience or a combination of an Associate's degree or equivalent and relevant experience may be substituted for the Bachelor's degree.

*Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct
• Dishonest Conduct
• Employment Misconduct
• Alcohol Abuse
• Drug Use
• False Statements
• Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.