Job Description
The Lead Cybersecurity Analyst is a pivotal role within the Digital Innovation and Technology Services department, responsible for safeguarding the museum’s assets by managing cybersecurity risks. This position oversees the implementation, maintenance, and optimization of the cybersecurity program and related services. Key responsibilities include developing and enforcing policies, delivering training programs, conducting compliance assessments, testing security controls, and monitoring third-party security and compliance standards (e.g., PCI DSS, ISO 27001, GDPR, NIST Cybersecurity Framework).
Reporting to the Chief Digital Information Officer, the Lead Cybersecurity Analyst collaborates closely with the Director of Technology and senior leadership to foster a culture of security awareness and align the cybersecurity strategy with the museum’s overall goals. The role works across departments to assess risks, implement effective security solutions, and select appropriate tools and technologies to ensure a robust security posture. Additionally, the position manages business continuity planning, partnering with key departments to ensure uninterrupted operation of critical technology services.
Key Responsibilities
Cybersecurity Strategy and Governance
- Develop and maintain a comprehensive cybersecurity strategy and best-practice policies in collaboration with Digital Innovations and Technology leadership.
- Communicate network security status and updates to museum leadership.
- Establish governance frameworks to assign ownership and accountability for cybersecurity policies and compliance.
- Align policies and procedures with frameworks like PCI DSS, NIST, GDPR, and ISO 27001.
Program Implementation and Risk Management
- Lead risk management efforts by identifying, analyzing, and addressing cybersecurity risks across the organization.
- Oversee the implementation of cybersecurity measures for software systems, development processes, and IT operations.
- Conduct regular compliance audits, vulnerability scans, and risk assessments, recommending corrective actions.
- Manage third-party risk assessments for critical service providers and cloud-based technologies.
Awareness Security Operations and Incident Response
- Develop, maintain, and execute the incident response plan, including investigation, communication, resolution, and post-incident analysis.
- Establish protocols for mitigating and responding to cyber-attacks and maintaining disaster recovery plans.
- Monitor and optimize log collection, SIEM tools, and threat detection systems for real-time response.
Policy Training and Security Awareness
- Design and deliver comprehensive cybersecurity training programs, including phishing simulations and incident response protocols.
- Foster a culture of security awareness by integrating policy training into museum-wide initiatives.
Collaboration and Communication
- Work with internal teams, including HR, Facilities, and Protection Services, to align cybersecurity policies with organizational goals.
- Coordinate meetings, documentation, and evidence collection with internal and external stakeholders to support compliance and operational expectations.
- Represent the museum in peer communities through conferences, publications, and outreach.
Metrics and Continuous Improvement
- Develop and monitor security metrics and KPIs to provide actionable insights for strategic decision-making.
- Research and recommend solutions for emerging security trends and compliance regulations.
Project and Administrative Management
- Manage multiple projects, ensuring effective planning, execution, and adherence to departmental goals and budgets.
- Draft and oversee RFPs, SOWs, schedules, and contracts related to cybersecurity initiatives.
Requirements and Certifications
- Bachelor's degree in computer science, information technology, or related field (or equivalent experience).
- Minimum 6 years’ experience in cybersecurity, governance, risk, and/or compliance roles.
- Relevant security, risk, or audit certification such as CISM or CISSP (preferred).
- Deep knowledge of information security and compliance frameworks, including relevant regulations and standards such as GDPR, PCI DSS, NIST Cybersecurity, ITIL, CIS and ISO 27001.
- Experience developing, implementing, and monitoring cybersecurity policies and procedures to support compliance requirements and user awareness.
- Excellent oral and written communication skills, highly detail-oriented, and adept at working under pressure to meet deadlines while managing multiple projects simultaneously.
- Ability to adapt and apply a continuous learning mindset by staying current with emerging security threats, trends, and technologies to improve the museum’s security posture.
- Strong proficiency in project and task management skills.
- Ability to clearly communicate objectives and milestones with regard to departmental goals and overall museum strategy.
- Hands-on experience with a wide range of infrastructure hardware and systems, including network switches, routers, firewalls, server OS’s, virtualization, storage, cloud, Wi-Fi, phone systems, and external voice and data connections (such as Cisco, Meraki, Windows Server, Active Directory, Linux, VMware, Azure, Office 365).
- Experience in integrating security operations by developing IT practices and leading complex technology initiatives.
- Experience with implementing cloud-based security technologies and tools, including IDS/IPS, encryption, and endpoint security.
- Experience with implementing cybersecurity platforms and tools like attack surface analysis, vulnerability scanning, penetration testing, and MDR/XDR platforms and developing metrics that support strategic decision making.
- Experience with patch management, security assessment, SIEM systems, and asset protection monitoring.
- Expertise in continuous monitoring techniques performing security assessments, employing endpoint and asset protection, patch management tools, and security information and event management (SIEM) tools for real-time threat detection and response.
Application Materials: Please submit a cover letter, resume, and contact information for 3 references.
Full-time Benefits include:
- Partner level membership to CMA
- Free, unlimited admission to select Cleveland Museum of Art ticketed exhibitions (two adult member tickets per visit, subject to availability)
- 50% off admission to select ticketed exhibitions for members' guests
- Free admission to select ticketed exhibitions for unlimited children, 17 and younger, when accompanied by a member
- Priority registration and discounts for museum art classes for adults and children
- 20% discount in the museum store
- 10% discount in the museum restaurant and café
- Annual subscription to Cleveland Art members magazine
- Free Garage Parking
- Your employment relationship with the museum qualifies you for free or discounted admissions to other cultural institutions such as the Natural History Museum, Botanical Gardens, The Cleveland Zoo, etc.
- Medical
- Dental
- Vision
- Life and Accidental Death and Dismemberment Insurance
- Voluntary Life
- Short Term Disability
- Long Term Disability