This is a role of enormous magnitude and import: the Chief Security Officer is responsible for developing and implementing the DNC’s IT and cybersecurity strategy. This position reports to the DNC’s Chief Technology Officer, with dotted line connections directly to the DNC Executive Director, and the DNC Chair. This role will partner closely with the leaders of our Engineering, Product, Data, and Operations teams to ensure that ownership and implementation of our cybersecurity program is fully cross-departmental.
The CSO leads the team responsible for day-to-day security operations, defining security architecture and strategy, ensuring compliance with relevant standards, managing outside vendors, and building both IT and Security teams. At the DNC, the IT team reports up to the CSO to ensure all IT programs and operations are aligned with the security strategy and that we maintain a “security first” posture. We should note that this is a position in a small organization with national prominence and as a result, we’re looking for someone who can alternate between leading strategic objectives and acting as an individual contributor in areas ranging from system administration to procurement. At the DNC, we see our work as foundational and enduring: this is not a hire we are looking to make as a cyclical position tied to any specific election year, but rather we want this person committed to guide the long-term strategic security initiatives at the DNC.
The CSO will have three primary areas of focus:
- Engineering (source code security, SDLC, voter file security)
- Enterprise (devices, accounts, services, staff workflow)
- External-facing (public web sites, voter file partnerships with vendors, state parties, and campaigns)
The CSO will work on security efforts across the organization including the following:
- Secure SDLC (software development life cycle): Helping the product development and engineering team use tools and best practices to ensure security bugs are found as early in the life cycle as possible, and remediated quickly regardless of where in the life cycle they are found.
- Infrastructure security: Across our multiple cloud systems, ensure we use best practices across functional areas like key management, system creation and management, account lifecycle management, administrative functions, and networking.
- Network security and availability: DDoS prevention, network segmentation, implementing changes to align with our “zero trust” vision.
- Identity and access management: Staff onboarding and offboarding, deployment of security keys, context-aware enforcement of devices, user lifecycle management.
- Endpoint security: Monitoring and enforcement of security controls across laptops, tablets, and phones, patch management.
- Security and IT architecture. Developing the security vision and nudging systems and processes in that direction.
- Define and promote the security and IT roadmap for the organization and integrate with the DNC’s overall technology and program roadmap.
- Run security operations, including monitoring and alerting of system health, improving security controls. In this role, you’ll partner heavily with teams including Operations, Legal, HR, and Engineering to measure and improve our security posture.
- Governance and compliance. Ensuring our security and IT programs meet or exceed industry best practices and have appropriate executive support.
- Incident response planning and execution, including pre-incident functions like log aggregation and monitoring.
- Program management of security projects across the organization including engineering, Legal, HR, Operations, and IT.
- Application and infrastructure security alignment. In our production environment, implement security controls and measure progress against objectives, including data flows with key partners.
- Law enforcement. Partnering with the General Counsel, the CSO will maintain a strong relationship with the FBI, DHS, and other law enforcement agencies.
- Leadership and responsibility for the IT and security teams. This includes recruiting new team members and building out career paths for staff.
- While the above points are largely internal functions, this is also a public facing role. You will work with outside groups like state parties, other committees, and other parts of the Democratic ecosystem. You will also work with our Communications team to tell our story in the media.

The CSO will be recognized as a subject matter expert in the area of information security. The ideal candidate will have:
- Experience working on security incidents, including working with executive leadership, outside counsel, incident response firms, and ecosystem partners.
- Experience helping teams and organizations refactor their workflows and the tools they use to align with a “secure by default” strategy.
- Experience developing and maintaining a comprehensive information security program using an established framework.
- Experience identifying and managing technical, security, and process debt.
- Hands-on experience with enterprise and production systems and technologies. Examples include Okta, G Suite, AWS, and GCP.
- An ability to work well with a range of people from extremely technical team members, to non-technical business leaders.
- A track record of assessing threats, vulnerabilities, and risks from a business as well as a technical perspective and the ability to develop and champion affordable, efficient and timely security architectures and solutions that support the organization.

Some of these characteristics would also be valuable to the right candidate:
- A background in securing tech organizations at multiple levels of scale, from small ephemeral startups to large, well-resourced organizations.
- Experience communicating information security concepts to a broad range of technical and non-technical audiences.
- Demonstrated success in establishing executive relationships and influencing executive decision making of business and technology leaders.
- An active security clearance or ability to acquire one.
- Experience working with law enforcement and government entities.

The Democratic National Committee (DNC) is committed to diversity among its staff, and recognizes that its continued success requires the highest commitment to obtaining and retaining a diverse staff that provides the best quality services to supporters and constituents. The DNC is an equal opportunity employer and it is our policy to recruit, hire, train, promote and administer any and all personnel actions without regard to sex, race, age, color, creed, national origin, religion, economic status, sexual orientation, veteran status, gender identity or expression, ethnic identity or disability, or any other legally protected basis. The DNC is committed to providing reasonable accommodations to individuals with disabilities in the hiring process and on the job, as required by applicable law. The DNC will not tolerate any unlawful discrimination and any such conduct is strictly prohibited.