Chief Security Officer

The Democratic Party, Washington, DC (Remote)

Change that Matters

Duration: Full-Time

This is a role of enormous magnitude and import: the Chief Security Officer is responsible for developing and implementing the DNC’s IT and cybersecurity strategy. This position reports to the DNC’s Chief Technology Officer, with dotted line connections directly to the DNC Executive Director, and the DNC Chair. This role will partner closely with the leaders of our Engineering, Product, Data, and Operations teams to ensure that ownership and implementation of our cybersecurity program is fully cross-departmental.

The CSO leads the team responsible for day-to-day security operations, defining security architecture and strategy, ensuring compliance with relevant standards, managing outside vendors, and building both IT and Security teams. At the DNC, the IT team reports up to the CSO to ensure all IT programs and operations are aligned with the security strategy and that we maintain a “security first” posture. We should note that this is a position in a small organization with national prominence and as a result, we’re looking for someone who can alternate between leading strategic objectives and acting as an individual contributor in areas ranging from system administration to procurement. At the DNC, we see our work as foundational and enduring: this is not a hire we are looking to make as a cyclical position tied to any specific election year, but rather we want this person committed to guide the long-term strategic security initiatives at the DNC.

The CSO will have three primary areas of focus:
Engineering (source code security, SDLC, voter file security)
Enterprise (devices, accounts, services, staff workflow)
External-facing (public web sites, voter file partnerships with vendors, state parties, and campaigns)

The CSO will work on security efforts across the organization including the following:
Secure SDLC (software development life cycle): Helping the product development and engineering team use tools and best practices to ensure security bugs are found as early in the life cycle as possible, and remediated quickly regardless of where in the life cycle they are found.
Infrastructure security: Across our multiple cloud systems, ensure we use best practices across functional areas like key management, system creation and management, account lifecycle management, administrative functions, and networking. 
Network security and availability: DDoS prevention, network segmentation, implementing changes to align with our “zero trust” vision.
Identity and access management: Staff onboarding and offboarding, deployment of security keys, context-aware enforcement of devices, user lifecycle management.
Endpoint security: Monitoring and enforcement of security controls across laptops, tablets, and phones, patch management.

Specific Responsibilities

  • Security and IT architecture. Developing the security vision and nudging systems and processes in that direction. 
  • Define and promote the security and IT roadmap for the organization and integrate with the DNC’s overall technology and program roadmap 
  • Run security operations, including monitoring and alerting of system health, improving security controls. In this role, you’ll partner heavily with teams including Operations, Legal, HR, and Engineering to measure and improve our security posture. 
  • Governance and compliance. Ensuring our security and IT programs meets or exceeds industry best practices and has appropriate executive support.
  • Incident response planning and execution, including pre-incident functions like log aggregation and monitoring.
  • Program management of security projects across the organization including engineering, Legal, HR, Operations, and IT. 
  • Application and infrastructure security alignment. In our production environment, implement security controls and measure progress against objectives, including data flows with key partners. 
  • Law enforcement. Partnering with the General Counsel, the CSO will maintain a strong relationship with the FBI, DHS, and other law enforcement agencies. 
  • Leadership and responsibility for the IT and security teams.  This includes recruiting new team members and building out career paths for staff.
  • While the above points are largely internal functions, this is also a public facing role. You will work with outside groups like state parties, other committees, and other parts of the Democratic ecosystem. You will also work with our Communications team to tell our story in the media.

The Person

  • The CSO will be recognized as a subject matter expert in the area of information security. The ideal candidate will have:
  • Experience working on security incidents, including working with executive leadership, outside counsel, incident response firms, and ecosystem partners. 
  • Experience helping teams and organizations refactor their workflows and the tools they use to align with a “secure by default” strategy. 
  • Experience developing and maintaining a comprehensive information security program using an established framework.
  • Experience identifying and managing technical, security, and process debt.
  • Hands on experience with enterprise and production systems and technologies.
  • Examples include Okta, G Suite, AWS, and GCP.
  • An ability to work well with a range of people from extremely technical team members, to non-technical business leaders.
  • A track record of assessing threats, vulnerabilities, and risks from a business as well as a technical perspective and the ability to develop and champion affordable, efficient and timely security architectures and solutions that support the organization.
  • Some of these characteristics would also be valuable to the right candidate:
  • A background in securing tech organizations at multiple levels of scale, from small ephemeral startups to large, well-resourced organizations.
  • Experience communicating information security concepts to a broad range of technical and non-technical audiences.
  • Demonstrated success in establishing executive relationships and influencing executive decision making of business and technology leaders.
  • An active security clearance or ability to acquire one.
  • Experience working with law enforcement and government entities.
The DNC offers a generous benefit package, including:
- More than 30 days of paid time off, including Federal holidays, vacation, and personal days;
- Health and dental insurance for employee and dependents;
- 90% paid by the DNC, 10% paid by employee;
- Supplementary vision plans available to employees for purchase;
- Up to a 4% employer match DNC 401(k) plan;
- Employee Assistance Program (EAP) available to DNC employees and their dependents at no cost to staff;
- Pre-tax Flexible spending account benefits available to employee and dependants.

Physical Requirements:
The DNC is committed to supporting employees of varying abilities and to providing reasonable accommodations to enable individuals with disabilities to succeed at the DNC. The requirements of this role, related to its physical demands, described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. 

All DNC employees must be able to operate a computer and use a cell phone. For roles at the DNC that include frequent business travel expectations, we can discuss reasonable alternatives to travel in some instances. Most roles also require communicating with key external stakeholders of the organization in person, via the telephone, or via email. We welcome applicants with questions about accommodations to request to speak with our Human Resources Department. When an applicant with a disability requires an accommodation to have an equal opportunity to compete for this position, they may request it in writing by emailing our Human Resources Department.

Essential functions of the role include:
- Working from a computer for long periods of time; and,
- While performing the duties of this job, the employee may also frequently be required to communicate using the telephone, email, and in person with stakeholders.

The Democratic National Committee (DNC), is committed to diversity among its staff, and recognizes that its continued success requires the highest commitment to obtaining and retaining a diverse staff that provides the best quality services to supporters and constituents. The DNC is an equal opportunity employer and it is our policy to recruit, hire, train, promote and administer any and all personnel actions without regard to sex, race, age, color, creed, national origin, religion, economic status, sexual orientation, veteran status, gender identity or expression, ethnic identity or disability, or any other legally protected basis. The DNC is committed to providing reasonable accommodations to individuals with disabilities in the hiring process and on the job, as required by applicable law. The DNC will not tolerate any unlawful discrimination and any such conduct is strictly prohibited.

About The Democratic Party

OUR PARTY Since 1848, the Democratic National Committee has been the home of the Democratic Party, the oldest continuing party in the United States. Today we are millions of supporters strong, fighting for progress and helping elect Democrats across the country to state government, Congress, and the White House. There are several core beliefs that tie our party together: Democrats believe that we're greater together than we are on our own—that this country succeeds when everyone gets a fair shot, everyone does their fair share, and everyone plays by the same rules. Our party is focused on building an economy that lifts up all Americans, not just those at the top. That's why Democrats are working to make progress on issues like job creation, equal pay, education, health care, and clean energy.

Want to learn more about The Democratic Party? Visit The Democratic Party's website.