Chief Information Security Officer (CISO)
Job description
Position Description:
Mathematica applies expertise at the intersection of data, methods, policy, and practice to improve well-being around the world. We collaborate closely with public- and private-sector partners to translate big questions into deep insights that improve programs, refine strategies, and enhance understanding using data science and analytics. Our work yields actionable information to guide decisions in wide-ranging areas, from health, education, early childhood, and family support to nutrition, employment, disability, and international development. Mathematica offers our employees competitive salaries and a comprehensive benefits package, as well as the advantages of being 100 percent employee owned. As an employee stock owner, you will experience the financial benefits of ESOP holdings that have increased in tandem with the company’s growth and financial strength. You will also be part of an independent, employee-owned firm that is able to define and further our mission, enhance our quality and accountability, and steadily grow our financial strength. Learn more about our benefits here: https://www.mathematica.org/career-opportunities/benefits-at-a-glance
We are looking for a Chief Information Security Officer (CISO) to join our IT Services team working in the Washington, DC or Princeton, NJ office (with the ability to work from home and in-office in a hybrid schedule). This VP-level position will establish and maintain our corporate-wide information security management program to ensure that information assets are adequately protected. This person will work closely with executive management to determine acceptable levels of risk for the organization.
Responsibilities:
- Participate and contribute as an effective member of the leadership team, working closely with the Chief Information Officer
- Understand and interact with related disciplines through teams and work groups to ensure the consistent application of policies and standards across all technology projects, systems, and services
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget
- Provide thought leadership in client and corporate security, privacy, risk, and compliance strategy and execution
- Create a governance structure around data security, risk, privacy, and ethical use that includes policy, procedures, and learning content
- Manage the Security, Risk and Compliance team supporting client projects
- Responsible for the company compliance program, including SOC 2, FedRAMP, and FISMA, as well as assessing and attaining compliance with any new regulations in the future
- Cultivate a culture of security through the creation of an effective learning program, communications, and organizational readiness efforts
- Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
- Responsible for company incident response and investigations. Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program
- Work directly with the administrative and business units to facilitate risk assessment and risk management processes, including vendor and third-party risk management
- Responsible for leading and executing internal and external audit and compliance programs
- Develop, manage, and coach a team of security professionals
- Manage the deployment of team members to client projects
- Provide client-facing leadership in the delivery of data compliance and security services
- Participate quarterly in board audit meetings and report annually
Position Requirements:
- Bachelor’s Degree in Business Administration or a technology-related field
- Professional security management certification(s)
- Have a minimum of ten (10) years of experience in a combination of risk management, information security, and IT jobs
- Experience with contract and vendor negotiations and management including managed services
- Excellent written and verbal communications for internal and external audiences
- Specific experience in (scaled) Agile software development or other best-in-class development practices
- Experience with Cloud computing/Elastic computing across virtualized environments
- Experience managing security, risk, and compliance elements of cloud migrations and hybrid environments
- Experience leading security, risk, and compliance activities associated with obtaining and maintaining corporate certifications and accreditations such as FedRAMP, CMMI, CMMC, and ISO
- Working knowledge of Data Loss Prevention (DLP) programs and best practices, including expertise securing large, unstructured, and rapidly evolving data sets
- Working knowledge of security architectures and compliance best practices
- Understanding of security, compliance, and privacy requirements for federal and state government agencies
- Familiarity with federal security regulations and standards (e.g., HIPAA, FISMA, FIPS, and FedRAMP), as well as experience with state-specific privacy regulations
- Experience implementing a Governance, Risk, and Compliance (GRC) tool for enterprise risk management
- Expert knowledge of NIST frameworks
- Familiarity with other common information security management frameworks, such as ISO/IEC 27001
- A combination of equivalent education and work experience may be substituted for the above requirements
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
- Must be able to pass a background check
We are not working with staffing agencies to fill this position, and we will not accept unsolicited resumes. Please do not reach out directly to security or technical staff, as all questions will go through the Talent Acquisition team.
This position offers an anticipated annual base salary range of $230,000 - $280,000. This position is eligible for an annual bonus, based on company and individual performance.
Various federal agencies with whom we contract require that staff successfully undergo a background investigation or security clearance as a condition of working on the project. If you are assigned to such a project, you will be required to obtain the requisite security clearance.
To apply, please submit a cover letter, resume, location preference, and salary expectations.
In accordance with Executive Order 14042 and its implementing guidelines, all Mathematica employees must provide documentation that they have been fully vaccinated or obtain an accommodation through Human Resources by providing documentation from a licensed health care provider that they are unable to be vaccinated against COVID-19 because of a disability (which would include medical conditions) or provide an attestation that they are entitled to an accommodation because of a sincerely held religious belief, practice, or observance.
Available Locations: Princeton, NJ; Washington, DC
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any other federal, state, or local protected class.