CISO and Director of Cybersecurity

1 month ago


McLean, United States MITRE Full time

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE—and make a difference with us.

Reporting to the CIO, the Chief Information Security Officer (CISO) and Director of Cybersecurity at MITRE oversees MITRE information, cyber, and technology security and is responsible for developing, implementing, and enforcing security policies that protect critical data and are consistent with the enterprise vision and strategy. The CISO is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The CISO is also responsible for ensuring that cybersecurity risk management and compliance, including IT and data privacy, are top priorities.

The CISO at MITRE works closely with the executive management team to determine acceptable levels of risk for the organization, and to ensure that all compliance aspects of the position are known and followed.

Furthermore, the CISO is expected to stay up to date with the latest intelligence and emerging technologies, including the evolving threat landscape, in order to anticipate security breaches, as well as ensure the training of the workforce on information security standards, policies and best practices. The CISO manages the incident response plan and conducts a series of regular tests to ensure the plan’s effectiveness and leads the response during a crisis.

Roles and Responsibilities:

  • As the CISO of MITRE, you will be at the forefront of ensuring the security and compliance of our organization, processes, and technologies.

  • You will be accountable for our internal security programs, partner with our sectors and teams to support our enterprise’s needs, establish thought leadership in the space, and influence external partners and sponsors.

  • Develop and implement a comprehensive information security strategy aligned with business goals. This involves understanding MITRE’s risk tolerance and creating a roadmap to mitigate potential threats.

  • Develop and implement secure processes and systems used to prevent, detect, mitigate, and recover from cyberattacks.

  • Lead cybersecurity operations and implement disaster recovery protocols and business continuity plans to enable business resilience.

  • Evaluate and strengthen MITRE’s data protection strategy by aligning business processes, IT software and hardware, local and wide area networks, people, operations, and projects with the organization’s overall security strategy.

  • Manage the delivery of advanced cyber monitoring and incident response capabilities including performance of 7x24 monitoring, security controls, threat intelligence consumption and analytics.

  • Lead formal investigations and manage responses to Cyber and Data Protection incidents and their resolution. Coordinate with legal, information security, safety, privacy & data protection, and other cross-functional colleagues on all matters related to information security and incident response, including communication, policy development, and enforcement aspects.

  • Establish policies and determine the objectives and priorities of the cyber operations team and managed security service provider to ensure successful execution of the enterprise cyber strategy, business operation plans, programs, projects, and other initiatives.

  • Oversee the delivery of cyber products, including the design, analysis, development, testing and troubleshooting of security solutions.

  • Ensure that MITRE complies with relevant laws, regulations, and industry standards related to information security.

  • Uphold technical and risk credibility with partners, sponsors and stakeholders across the enterprise. Interface frequently with information security industry groups to stay abreast of emerging security trends. Ensure security best practices and controls are in alignment with industry best practices and that guidance from regulatory requirements is included in security solutions.

  • Foster and maintain trusting relationships with stakeholders, developers, and engineers across the enterprise and display a balanced, cross-functional perspective, liaising with the business to improve efficiency, effectiveness and productivity.

  • Provide thought leadership and guidance to staff, fostering an environment that encourages employee participation, development, teamwork, and communication.

  • Manage and respond to data privacy and cyber support requests from leaders across the enterprise and board of trustees.

Minimum Qualifications:

  • Requires a minimum of 15 years of related experience with a Bachelor’s degree in Computer Science or related field; or 12 years and a Master’s degree; or a PhD with 10 years’ experience; or equivalent combination of related education and work experience (advanced degree in related field preferred).

  • 15+ years of experience building, leading and scaling cybersecurity teams and managed services.

  • 10+ years of progressive management experience, including leadership and development of large, high performing teams.

  • Significant experience in information security and incident response within a major technology company.

  • Proven experience advising on cyber risks, remediation, cybersecurity standards, frameworks, risk assessments and certification processes.

  • Strong experience managing multiple high-visibility and high-impact enterprise cybersecurity programs with cross-functional teams while maintaining superior results including planning, development and management of technical requirements, design, testing and deployment of security solutions.

  • Knowledge of network architecture concepts including topology, protocols, and components and network management principles, models, and tools.

  • Knowledge of network security architecture, including the application of Defense-In-Depth principles, Principle of Least Privilege and knowledge of network traffic analysis methods.

  • Ability to seamlessly switch from executive-level risk conversations to diving deep into controls and technology to driving high level, strategic discussions around roadmaps and security solutions.

  • Demonstrated clear communication skills and ability to interact effectively at all levels of an organization, and to influence senior management and executives (including translating technical information based on specific audiences).

  • Demonstrated experience in hybrid environments: on-prem, public cloud security, cloud networking, product management.

  • Experience implementing cyber frameworks, such as NIST (National Institute of Standards and Technology) 800-171 and 800-53, Cybersecurity Maturity Model Certification (CMMC), MITRE ATT&CK, Zero Trust Architecture.

  • Strong knowledge of infrastructure design, change and operation, including networking, hardware, storage, security.

  • Strong understanding of federal CISO responsibilities, and experience in multiple roles such as: Cyber Information Security Officer (CISO), Incident Responder / Network Security Analyst, Compliance Analyst, Security Architect, Security Engineer, Security Control Assessor, IT Auditor.

  • Experience in Agile and DevSecOps

  • Experience interfacing with sponsors and federal Contracting officials.

  • Should possess industry recognized professional certifications (CISSP, GIAC, CISM, CCSP, CISA, CRISC, SAFe Product Management, AWS Security, AWS Advanced Networking Specialty, AWS Solutions Architect)

  • Previously held a minimum of a secret clearance with the ability to obtain and maintain a Top-Secret security clearance.

Our culture is a tangible asset that endures through our people and leaders. At MITRE, our leaders must also demonstrate and continually develop a consistent set of shared Leadership Competencies:

  • Lead with a Strategic Mindset: Drives alignment across MITRE to achieve our mission by engaging across and beyond the enterprise, making and executing decisions, and activating the Good Growth Strategy.

  • Create Value: Takes a broad approach to solving complex problems using a national and global lens. Unleashes the full capabilities of our people in a relentless pursuit of innovative solutions that are scalable, equitable, transferable, and sustainable.

  • Cultivate Inclusion: Creates an environment and opportunities, built on trust, where people can be their whole authentic self, feeling welcomed, supported, engaged, and respected for who they are and what they contribute to the organization. Embraces and engages all dimensions of diversity to exponentially expand MITRE’s impact in solving problems for a safer world.

  • Communicate for Impact: Conveys powerful messages tailored to the unique needs of stakeholders—and desired outcomes—in a style that engages and inspires action. Exemplifies active listening to foster collaboration, understanding, and alignment.

  • Commit to Action and Outcomes: Holds self and others accountable for acting on and achieving established objectives. Exemplifies cultural attributes while executing and delivering impactful outcomes.

This requisition requires the candidate to have a minimum of the following clearance(s):

This requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):

Work Location Type:

Onsite

MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website EEO is the Law Poster and Pay Transparency.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE’s employment process, please email recruitinghelp@mitre.org.

Copyright © 2024, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.

Benefits information may be found here
