Chief Information Security Officer

Posted:
10/9/2024, 7:40:02 AM

Location(s):
District of Columbia, United States ⋅ Washington, District of Columbia, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Join us and make a difference in global investor protection.

Who We Are

The Public Company Accounting Oversight Board (PCAOB), a nonprofit organization established by Congress, oversees the audits of public companies and SEC-registered brokers and dealers to protect investors and to further the public interest in the preparation of independent, accurate, and informative audit reports.

Our investor protection mission is focused on modernizing audit standards, enhancing audit inspections, and strengthening enforcement of PCAOB rules and standards and other related laws and rules. People are at the heart of our mission at the PCAOB.  As we carry out that mission, we strive to uphold the highest standards in audit quality with investors’ families, savings, and futures in mind. 

We are hiring mission-driven professionals interested in a career with purpose, competitive benefit offerings, and work-life flexibility. If you are interested in working with a diverse group of talented professionals to protect investors and drive audit quality and innovation while adhering to the highest standards of ethical and professional conduct, join us.

What We Offer

At the PCAOB, we offer a highly competitive compensation and benefits package with a focus on the health and financial well-being of our valued team members. Some of the features of our comprehensive Total Rewards package include:

  • Compensation – We support transparency, equity, and fairness in our compensation programs and provide a reasonable estimate of the salary range, based on data-driven market analysis, for each job posting. While it is not typical for an individual to be hired at or near the top of the range, a reasonable estimate of the salary range for this role in Washington, DC (Headquarters) is $242,000 - $399,200 per year. Team members may also be eligible for performance-based discretionary awards.

  • Hybrid work option – Staff will be assigned to the Washington, DC (Headquarters) office. Staff can choose to live and work from anywhere within the United States but will be required to commute to their assigned office or location for occasional intentional gatherings or meetings at the frequency required by their supervisor. Travel to an assigned office or location for commuting purposes will not be considered reimbursable business travel, unless otherwise required by state law. Business travel is reimbursable in an amount not exceeding the cost to travel from the assigned office or location, unless otherwise required by state law.

  • Generous paid time off – Up to 6 weeks annually, in addition to 12 federal holidays, 2 floating holidays, and a year-end break in December 2024

  • Highly competitive 401(k) match and savings options – Immediate vesting and contributions matched dollar for dollar, up to 7 percent of eligible compensation. Roth in-plan conversion available. 

  • Comprehensive and competitive health benefit offerings – Medical, dental, and vision plans

  • Supportive paid family leave benefits – Up to 16 weeks paid parental leave and up to 16 weeks paid caregiver leave

  • Life insurance benefits – Basic life and AD&D insurance provided; supplemental insurance also available

  • Education benefits – PCAOB staff qualify for the Public Service Loan Forgiveness (PSLF) program. We also offer student loan repayment assistance, staff college tuition assistance, and college coach program support.

  • Well-being and family resources – Mental health and well-being resources, paid volunteer time, emergency child/adult dependent back-up care services, family-forming assistance, discounted gym memberships, employee assistance program (EAP), health advocate program, and more  

  • Commuter benefits – Tax-free employer subsidy and pretax employee deductions 

Role Summary

The PCAOB has a full-time position for a Chief Information Security Officer (CISO) in the Office of Technology (OT). This role will be located at our Washington, DC office and will report to the Chief Information Officer (CIO). The CISO will participate and contribute as an effective member of the PCAOB leadership team, working closely with and advising the CIO, PCAOB executive leadership, and the Board on all matters related to the information security program and cybersecurity operations of the PCAOB. Additionally, the CISO will be responsible for the implementation, optimization, and delivery of our comprehensive information security strategy, aligning our data and technology standards to the security posture of the PCAOB. The CISO, in collaboration with business leaders, will guide and assist with the development and implementation of a security program, facilitate information security governance, advise the CIO on security direction and resource investments, and design and align appropriate policies with respect to information security. This role will continuously assess and develop the cybersecurity landscape, act as a change agent, and help to lead information security resilience across OT and the PCAOB, protecting all data and technology assets. This role will collaborate and interact with the Chief Risk Officer (CRO) and the Office of Enterprise Risk Management (OERM) on information security risk related topics.

The Office of Technology (OT) maintains a clear vision for ongoing technology transformation that accelerates business value and outcomes. The basics of digital transformation include embracing new ways of working, training and execution of agile approaches to critical IT services and solutions delivery, continual learning and building technical acumen in essential IT skills and capabilities, embracing a culture of continuous improvement, and a keen focus on customer-centricity. Serving as technology partners with key stakeholders, OT fosters an environment of collaborating with PCAOB offices and divisions to assess the near- and long-term planning of IT investments and resources and creating engagement around the advancement of digital transformation and innovation at all levels of the organization.

Responsibilities

  • Responsible for the strategic leadership, implementation, monitoring, reporting, and continuous improvement of the PCAOB's information security program.

  • Work with PCAOB leadership, divisions, and offices to oversee and mature the operations of a PCAOB-wide information security organization with a common goal in information security and cybersecurity risk.

  • Provide leadership and promote automation for configuration and deployment in support of Security Operations (SecOps); manage institution-wide information security processes by leading OT information security staff to maintain an effective information security program and implement associated priorities.

  • Lead efforts to continually assess, evaluate, and make recommendations to management regarding the adequacy of the IT general and security controls for the PCAOB and technology systems; requires proactive, hands-on approach.

  • Develop, implement, and administer technical cybersecurity standards, as well as the suite of security services and tools, and align to existing PCAOB policies, frameworks, and procedures.

  • Design and implement a tactical structure to address Security Operations Center (SOC) structures to better enable outage notifications, security risks/threats, or elevation of incidents that occur within the PCAOB environment.

  • Establish annual and long-range cybersecurity and compliance goals, align with data and technology strategies, create and monitor Key Performance Indicators (KPI), and forge a multi-year information security roadmap.

  • Proactively identify, assess, and prioritize IT risks to data and systems in coordination with OT portfolio management and OERM including internal/external threats, cyber-crimes, and vendor/third-party risks; partner with OERM or relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.

  • Lead a technical team to proactively work with business units across the PCAOB to implement practices and ensure implementation of technological controls that meet agreed-on policies and standards for information security.

  • Lead the development and implementation of effective frameworks, relevant policies, processes, and practices to secure protected and sensitive data in accordance with the PCAOB’s Information Sensitivity Classification ensuring compliance with relevant legislation and legal interpretation.

  • Collaborate and coordinate with the CRO to identify, evaluate, and report on OERM organizational-level risk reports to the Board in areas such as legal and regulatory, IT, and cybersecurity risk, while supporting and advancing business objectives.

  • Provide leadership supporting a team to streamline and maintain a modern compliance model for cybersecurity safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.

  • Conduct and support regular internal and external security assessments, tabletop exercises, penetration tests, playbook development, and red/purple team exercises to proactively test the effectiveness of security controls including OT Security Program Assessments and corrective action plans.

  • Keep abreast of security incidents and act as primary control point during significant information security incidents; convene a Security Incident Response Team (SIRT) as needed, or requested, to address and investigate security incidents that arise. This may require availability off hours, as applicable.

  • Mature education and awareness programs and advise PCAOB leadership at all levels on security issues, best practices, and vulnerabilities.

  • Examine impacts of new technologies on the PCAOB's overall information security; establish processes to review implementation of new technologies to ensure security compliance.

  • Perform the full range of supervisory duties, including resource allocation plans; evaluating employee performance; making recommendations for appointment and promotion; hearing and resolving complaints; identifying development and training needs of employees; and other related supervisory tasks.

  • Other duties as assigned.

Qualifications

Education/Technical Expertise

  • Bachelor’s degree or equivalent experience in information technology, engineering, computer science, cybersecurity, or related field.

  • Minimum of 15+ years of experience in cybersecurity, with 5+ years in progressive leadership roles.

  • Minimum of 7+ years of experience directly supporting reference architectures around Microsoft technology environments.

  • Minimum of 5+ years Agile experience managing Scrum/Kanban teams and Agile methodologies/ceremonies.

  • Minimum of 5+ years of experience with cloud computing/elastic computing across virtualized environments.

  • Working knowledge of Data Loss Prevention (DLP) programs and best practices, including expertise securing large, unstructured, and rapidly evolving data sets.

  • Hands-on experience implementing NIST, ISO, SOX, PCI, or other frameworks.

  • Working knowledge of security architectures and compliance best practices with Microsoft Azure, Cloud Access Security Brokers (CASB), and Zero-trust environments.

  • Experience with contract and vendor negotiations and management including managed services.

  • Experience in planning, organizing, and developing IT security system technologies.

  • Ability to explain information security, cyber security, and data privacy issues and programs to non-technical and non-expert audiences.

  • Proven ability to develop, coach, and mentor staff, providing constant feedback and clear direction.

  • Proven record of strategic planning, functional transformation experience, and conflict management.

  • A self-starter able to administer several open, ongoing assignments at any one time, where some assignments are routinely unstructured, requiring autonomy and independent judgment.

  • In-depth experience successfully harmonizing diverse and competing interests.

  • Ability to clearly articulate a position with sound logic, supporting empirical evidence, and impartiality.

  • Ability to effectively represent the organization to a variety of both internal and external constituencies, deconstruct complex challenges, and translate business needs into technology solutions.

  • Occasional travel to the PCAOB’s regional offices and to the headquarters office located in Washington D.C.

  • Superior verbal and written communication skills.

Preferred Qualifications

  • CISM, CISSP, CRISC or other relevant certification.

Leadership/Management Skills and Abilities

  • Ability to work in matrixed environments

  • Ability to work in Agile operating frameworks

  • Ability to flourish in environments of change to advance continuous improvement

  • Ability to drive a positive “tone at the top” of the organization and hold others accountable for doing the same.

  • Ensures that own behavior and the behavior of others is consistent with the highest ethical standards and aligns with the values of the organization.

  • Must be able to motivate and inspire employees at all levels of the organization in order to enhance team commitment and individual performance.

  • Proven ability to develop, coach, and mentor staff, providing constant feedback and clear direction.

  • Ability to promote collaboration by unifying teams, setting common goals and incentivizing collaborative behavior.

  • Demonstrated success in establishing and maintaining positive working relationships with others, both internally and externally, to achieve the goals of the organization.

  • Strong ability to build credibility, organize effectively, solve problems quickly and communicate clearly.

  • Possesses the balance and emotional intelligence required to meet the diverse needs of the divisions/offices.

  • Proven ability to navigate and resolve various types of conflict in a timely and productive manner.

Equal Employment Opportunity

All PCAOB employees are entitled to equal opportunity and a professional work environment, free of discrimination and harassment. A workplace free of discrimination and harassment is fundamental to professional success and to the PCAOB's mission. The PCAOB will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.
