Chief Security Officer

This is a role of enormous magnitude and import: the Chief Security Officer is responsible for developing and implementing the DNC’s cybersecurity strategy and influencing the security posture of the entire Democratic Party. This position reports to the DNC’s Chief Technology Officer, with dotted line connections directly to the DNC Executive Director, and the DNC Chair. This role will partner closely with the leaders of our Engineering, Product, Data, and Operations teams to ensure that ownership and implementation of our cybersecurity program is fully cross-departmental.

The CSO leads the team responsible for day-to-day cybersecurity operations, defining security architecture and strategy, ensuring compliance with relevant standards, managing outside vendors, and managing our internal Security teams. We should note that this is a position in a small organization with national prominence and as a result, we’re looking for someone who can alternate between leading strategic objectives and acting as an individual contributor in areas ranging from system administration to procurement. At the DNC, we see our work as foundational and enduring: this is not a hire we are looking to make as a cyclical position tied to any specific election year, but rather we want this person committed to guide the long-term strategic security initiatives at the DNC.

The CSO will have three primary areas of focus:

Engineering (source code security, SDLC, data security)

Enterprise (devices, accounts, services, staff workflow)

External-facing (public web sites, voter file partnerships with vendors, state parties, and campaigns)

The CSO will work on security efforts across the organization including the following:

- Secure SDLC (software development life cycle): Helping the product development and engineering team use tools and best practices to ensure security bugs are found as early in the life cycle as possible, and remediated quickly regardless of where in the life cycle they are found.

- Infrastructure security: Across our multiple cloud systems, ensure we use best practices across functional areas like key management, system creation and management, account lifecycle management, administrative functions, and networking. 

- Organization-wide trainings and best practices: Act as a highly-visible internal leader to the organization in all-hands meetings and other regular communications to highlight cybersecurity focus areas.

Network security and availability: DDoS prevention, network segmentation, implementing changes to align with our “zero trust” vision.

- Identity and access management: Staff onboarding and offboarding, deployment of security keys, context-aware enforcement of devices, user lifecycle management.

- Endpoint security: Monitoring and enforcement of security controls across laptops, tablets, and phones, patch management.

- Converge strategies for virtual threats to the physical space: Collaborating with teams to ensure cyber security carries over into physical security due to information incorrectly shared or specific attacks like doxxing or SWATing.

• Security architecture. Developing the security vision and nudging systems and processes in that direction.
• Define and promote the security roadmap for the organization and integrate with the DNC’s overall technology and program roadmap.
• Run security operations, including monitoring and alerting of system health, improving security controls. In this role, you’ll partner heavily with teams including Operations, Legal, HR, and Engineering to measure and improve our security posture. 
• Governance and compliance. Ensuring our security programs meet or exceed industry best practices and have appropriate executive support.
• Driving pragmatic process improvements that speed up the operations of the DNC.
• Incident response planning and execution, including pre-incident functions like log aggregation and monitoring.
• Program management of security projects across the organization including Engineering, Legal, HR, Operations, and IT. 
• Application and infrastructure security alignment. In our production environment, implement security controls and measure progress against objectives, including data flows with key partners. 
• Collaboration with law enforcement. Partnering with internal counsel, the CSO will maintain a strong relationship with the FBI, DHS, and other law enforcement agencies. 
• Management of the security team. This includes recruiting new team members and developing talent within the team.
• While the above points are largely internal functions, this is also a public-facing role. You will work with outside groups like state parties, other committees, and other parts of the Democratic ecosystem. You will also work with our Communications team to tell our story in the media.
• Other duties as assigned to support the Technology department and the broader DNC's mission.

• The CSO will be recognized as a subject matter expert in the area of information security. The ideal candidate will have:
• Experience leading through security incidents, including working with executive leadership, outside counsel, incident response firms, and ecosystem partners. 
• Experience helping teams and organizations refactor their workflows and the tools they use to align with a “secure by default” strategy. 
• Experience developing and maintaining a comprehensive information security program using an established framework.
• Track record of navigating data privacy regulations.
• Experience identifying and managing technical, security, and process debt.
• Hands on experience with enterprise and production systems and technologies. -- Examples include Okta, G Suite, AWS, and GCP.

• An ability to work well with a range of people from extremely technical team members, to non-technical business leaders.
• Experience managing a diverse, values-driven team.
• A track record of assessing threats, vulnerabilities, and risks from a business as well as a technical perspective and the ability to develop and champion affordable, efficient and timely security architectures and solutions that support the organization.

• A background in securing tech and data organizations at multiple levels of scale, from small ephemeral startups to large, well-resourced organizations.
• Experience communicating information security concepts to a broad range of technical and non-technical audiences.
• Demonstrated success in establishing executive relationships and influencing executive decision making of business and technology leaders.
• An active security clearance or ability to acquire one.
• Experience working with law enforcement and government entities.

The starting salary for the Chief Security Officer is $205,000, on an annualized basis, commensurate with experience and qualifications. This is a full-time, exempt position that may require work on weekends.

Due to federal campaign finance rules, only U.S. citizens or U.S. green card holders are eligible for this role. See 52 U.S.C. 30121; 11 C.F.R. 110.20(i).

Salary : $205,000