Chief Information Security Officer (CISO)

Atmore, AL
Full Time
IT
Manager/Supervisor
Job Announcement: HR2025:06
Position Title: Chief Information Security Officer (CISO)
Advertising: Publicly
Immediate Supervisor: Chief Information Officer (CIO)
Department Director: Chief Information Officer (CIO)
Department: Information Technology (I.T.)
Division: Tribal Chair’s Office
Employment Status: Exempt
Position Type: Regular Full–Time
Mandatory Reporter: No
Background Check Required: Yes (data-sensitive)**
Opening Date: Thursday, January 9, 2025
Closing Date: Open Until Filled

Preference shall be given in accordance with Title 33 (Tribal Employment Rights) of the Tribal Code/DFWP.

Overall Objectives of Position
The Chief Information Security Officer (CISO) is a senior-level executive responsible for defining, implementing, and overseeing the Poarch Band of Creek Indians' enterprise-wide information security program. This critical role ensures the protection of IT infrastructure, digital assets, and sensitive data against evolving cybersecurity threats while maintaining compliance with applicable regulations and standards. Reporting directly to the CIO, the CISO will lead the development of a strategic security vision, align security initiatives with organizational priorities, and collaborate with stakeholders to embed cybersecurity best practices across all levels of the organization. The role may include supervision of one or more security analysts as the security team grows to support the Tribe’s needs. The CISO will play a pivotal role in advancing a resilient, secure, and adaptive IT environment. This job description is not an all-inclusive list of duties and responsibilities of this position. The Chief Information Security Officer is expected to perform all duties and responsibilities necessary to meet the goals and objectives of applicable programs.

The Chief Information Security Officer is expected to embody the Purpose and Values of the Poarch Band of Creek Indians and consistently demonstrate a commitment to excellence that exceeds expectations.

Primary Responsibilities of the Chief Information Security Officer
  • Designs and implements a comprehensive, forward-looking information security strategy that aligns with the organization’s goals, objectives, and regulatory requirements.
  • Regularly assesses and updates the strategy to address evolving threats and organizational needs.
  • Establishes, maintains, and enforces security policies, standards, and procedures.
  • Ensures these policies are effectively communicated and integrated into daily operations to support a culture of cybersecurity awareness and compliance.
  • Conducts regular risk assessments to identify and mitigate potential vulnerabilities in the organization’s IT systems, applications, and infrastructure.
  • Oversees penetration testing, security audits, and vulnerability scans, and implements remediation strategies to address identified risks.
  • Designs and manages security monitoring, threat detection, and response processes.
  • Leads the organization’s response to cybersecurity incidents, ensuring timely investigation, containment, and resolution while minimizing impact and preserving evidence for further analysis.
  • Evaluates, selects, and implements cutting-edge security technologies to enhance the organization's defense mechanisms.
  • Areas of focus include, but are not limited to, network security, endpoint protection, identity and access management, and data loss prevention.
  • Ensures compliance with applicable laws, regulations, and standards, including HIPAA, NIST, PCI DSS, and others as relevant to the organization.
  • Works with legal and compliance teams to manage security audits and certification processes.
  • Works closely with internal stakeholders, including executives and department leaders, to ensure security initiatives align with organizational objectives.
  • Oversees cybersecurity awareness training programs to educate staff on best practices, phishing prevention, and other critical security topics.
  • Stays informed about emerging security trends, technologies, and threat vectors.
  • Adapts and refines security strategies and tools to maintain a proactive stance against potential threats.
  • Prepares regular reports and presentations on the organization’s security posture, risks, and key initiatives for the CIO, executive leadership, and Tribal Council.
  • Provides actionable recommendations to enhance cybersecurity resilience and drive informed decision-making.
  • As a part of the Tribe’s commitment to community service, the employee may be asked to perform other duties in the office or field as needed to support organizational objectives.

Day-to-day Responsibilities
  • Oversees daily operations of security tools and technologies, such as firewalls, intrusion detection systems (IDS), and security information and event management (SIEM) systems.
  • Reviews system alerts and logs to detect potential threats or breaches.
  • Responds to security incidents promptly, including identifying the source, mitigating damage, and implementing recovery strategies.
  • Conducts post-incident analysis to improve future response efforts.
  • Conducts routine risk assessments and vulnerability scans to identify potential security gaps.
  • Prioritizes and oversees the remediation of identified vulnerabilities.
  • Ensures compliance with organizational security policies, standards, and procedures.
  • Regularly reviews and updates policies to reflect changes in technology, threats, and regulations.
  • Works closely with the IT Engineering Services and Enterprise Systems Services teams to ensure security is integrated into all technology initiatives.
  • Provides guidance on secure system design and configuration.
  • Monitors compliance with applicable regulations, such as NIST, HIPAA, and PCI DSS.
  • Prepares and manages audits and reports for regulatory and compliance reviews.
  • Leads or coordinates security awareness training programs for employees to reduce human-related risks.
  • Addresses user questions and concerns regarding security best practices and tools.
  • Stays updated on emerging cybersecurity threats, trends, and technologies.
  • Implements proactive measures, such as threat hunting and penetration testing, to detect and mitigate potential risks.
  • Tracks progress on key security initiatives and projects.
  • Ensures alignment of daily activities with the overall cybersecurity strategy.
  • Evaluates and manages relationships with third-party vendors providing security solutions or services.
  • Ensures third-party providers adhere to organizational security policies and standards.
  • Maintains detailed documentation of security incidents, investigations, and resolutions.
  • Prepares regular reports on the organization's security posture for the CIO and executive leadership.
  • Addresses immediate security challenges and makes quick, informed decisions to protect the organization.
  • Develops solutions for improving security measures based on analysis and feedback.
  • Oversees the timely application of security patches and updates to ensure systems remain protected against known vulnerabilities.
  • Participates in meetings with executives, IT teams, and other departments to discuss security-related concerns, requirements, and strategies.

Education/License/Certification and Experience Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field required. Master’s degree in Cybersecurity, Information Assurance, or a related field preferred.
  • Minimum of five (5) years of experience as a Chief Information Security Officer or a similar senior-level role.
  • CISSP (Certified Information Systems Security Professional) certification required.
  • CISM (Certified Information Security Manager) certification preferred.
  • CRISC (Certified in Risk and Information Systems Control) certification preferred.
  • CEH (Certified Ethical Hacker) certification preferred.
  • GIAC certifications (e.g., GSEC, GPEN, GCFA) preferred.

Skills Required
  • Ability to develop, implement, and oversee a comprehensive enterprise-wide cybersecurity strategy.
  • Strong leadership skills to manage teams and influence stakeholders at all levels.
  • In-depth knowledge of information security technologies, including firewalls, intrusion detection/prevention systems, endpoint protection, and SIEM solutions.
  • Proficiency in cloud security, network security, encryption, and data protection methodologies.
  • Experience conducting risk assessments and vulnerability analyses.
  • Proficiency in designing and implementing effective mitigation strategies.
  • Expertise in incident detection, investigation, containment, and resolution.
  • Ability to lead incident response teams and manage complex security events effectively.
  • Strong knowledge of regulatory frameworks and standards such as HIPAA, NIST, PCI DSS, GDPR, and others relevant to the organization.
  • Capability to create and enforce comprehensive cybersecurity policies, standards, and guidelines.
  • Ability to analyze complex security issues, evaluate potential risks, and recommend actionable solutions.
  • Strong verbal and written communication skills to effectively convey technical security concepts to non-technical audiences, including executive leadership and Tribal Council members.
  • Proficiency in creating detailed reports and strategic presentations.
  • Proven ability to work collaboratively across departments, ensuring alignment of security initiatives with organizational priorities.
  • Awareness of emerging cybersecurity threats, trends, and technologies.
  • Commitment to maintaining up-to-date knowledge in the rapidly evolving field of information security.
  • Experience supervising and mentoring staff, with the ability to build and lead an effective cybersecurity team.
  • Ability to delegate responsibilities and foster professional growth among team members.
  • Strong organizational skills to manage multiple security projects simultaneously.
  • Ability to prioritize tasks and meet deadlines under pressure.
  • Strong sense of ethics and commitment to maintaining the confidentiality, integrity, and availability of organizational information.
  • Willing to travel and participate in training as recommended or required.

Additional Requirements
  • Ability to work odd and irregular hours, as needed.
  • Must successfully pass the required criminal and character background check.
  • Ability to travel and participate in required training, leadership development, and other events.
  • Ability to adequately and successfully perform all duties and responsibilities of this position.

Every applicant must complete an application provided by Human Resources. A resume will not be accepted in the place of an application.

**Please note ALL individuals selected for employment are required to complete a background investigation. Individuals being placed in positions designated as child-sensitive or data-sensitive must successfully complete a background check prior to employment.

INDIAN PREFERENCE, SPOUSAL PREFERENCE, OR FIRST GENERATION:

In the event more than one applicant meets the requirements, as stated in a job description, preference shall be given in the following order: (1) Tribal Member (2) First Generation Descendant of a Tribal Member (3) Spouse of Tribal Member (4) Indian (5) Non-Indian

In the event that a position of employment is funded in whole or in part by any federal grant and/or contract or other public funding, preference shall be given in the following order: (1) Indian (2) Non-Indian

In order to receive preference, the appropriate documentation must be submitted.
