Join us and make a difference in global investor protection.
Who We Are
The Public Company Accounting Oversight Board (PCAOB), a nonprofit organization established by Congress, oversees the audits of public companies and SEC-registered brokers and dealers to protect investors and to further the public interest in the preparation of independent, accurate, and informative audit reports.
Our investor protection mission is focused on modernizing audit standards, enhancing audit inspections, and strengthening enforcement of PCAOB rules and standards and other related laws and rules. People are at the heart of our mission at the PCAOB. As we carry out that mission, we strive to uphold the highest standards in audit quality with investors' families, savings, and futures in mind.
We are hiring mission-driven professionals interested in a career with purpose, competitive benefit offerings, and work-life flexibility. If you are interested in working with a group of talented professionals to protect investors and drive audit quality and innovation while adhering to the highest standards of ethical and professional conduct, join us.
What We Offer
At the PCAOB, we offer a highly competitive compensation and benefits package with a focus on the health and financial well-being of our valued team members. Some of the features of our comprehensive Total Rewards package include:
• Compensation - We support transparency, equity, and fairness in our compensation programs and provide a reasonable estimate of the salary range, based on data-driven market analysis, for each job posting. While it is not typical for an individual to be hired at or near the top of the range, a reasonable estimate of the salary range for this role in Washington, DC (Headquarters) is $248,100 - $400,000. Team members may also be eligible for performance-based discretionary awards.
• Hybrid work option - Staff will be assigned to the Washington, DC (Headquarters) office.
• Generous paid time off - Up to 6 weeks annually, in addition to 12 federal holidays, 2 floating holidays, and a year-end break December 28 - 31, 2026.
• Highly competitive 401(k) match and savings options - Immediate vesting and contributions matched dollar for dollar, up to 7 percent of eligible compensation. Roth in-plan conversion available.
• Comprehensive and competitive health benefit offerings - Medical, dental, and vision plans
• Supportive paid family leave benefits - Up to 16 weeks paid parental leave and up to 16 weeks paid caregiver leave
• Life insurance benefits - Basic life and AD&D insurance provided; supplemental insurance also available
• Education benefits - PCAOB staff qualify for the Public Service Loan Forgiveness (PSLF) program. We also offer student loan repayment assistance, staff college tuition assistance, and college coach program support.
• Well-being and family resources - Mental health and well-being resources, paid volunteer time, emergency child/adult dependent back-up care services, family-forming assistance, discounted gym memberships, employee assistance program (EAP), health advocate program, and more
• Commuter benefits - Tax-free employer subsidy and pretax employee deductions
Position Summary
The PCAOB has a full-time position for a Chief Information Security Officer (CISO) in the Office of Technology (OT). This role will be located at our Washington, DC (Headquarters) office and will report to the Chief Information Officer (CIO). The CISO will participate and contribute as an effective member of the PCAOB leadership team, working closely with and advising the CIO, PCAOB executive leadership, and the Board on all matters related to the information security program and cybersecurity operations of the PCAOB.
Responsibilities
The CISO will be responsible for the strategic leadership, implementation, monitoring, reporting, and continuous improvement of the PCAOB's information security program. This includes:
• Working with PCAOB leadership, divisions, and offices to oversee and mature the operations of a PCAOB-wide information security organization with a common goal in information security and cybersecurity risk.
• Providing leadership and fostering collaboration with risk, compliance, and legal teams and business stakeholders to ensure a secure approach to innovation and the application of artificial intelligence (A.I.).
• Providing leadership and promoting automation for configuration and deployment in support of Security Operations (SecOps); managing institution-wide information security processes by leading OT information security staff to maintain an effective information security program and implement associated priorities.
• Leading efforts to continually assess, evaluate, and make recommendations to management regarding the adequacy of the IT general and security controls for the PCAOB and technology systems, which requires a proactive, hands-on approach.
• Developing, implementing, and administering technical cybersecurity standards, as well as the suite of security services and tools, and aligning to existing PCAOB policies, frameworks, and procedures.
• Designing and implementing a tactical Security Operations Center (SOC) structure to better enable outage notifications, identification of security risks/threats, and escalation of incidents that occur within the PCAOB environment.
• Establishing annual and long-range cybersecurity and compliance goals, aligning with data and technology strategies, creating and monitoring Key Performance Indicators (KPI), and forging a multi-year information security roadmap.
• Proactively identifying, assessing, and prioritizing IT risks to data and systems in coordination with OT portfolio management and OERM, including internal/external threats, cyber-crimes, and vendor/third-party risks; partnering with OERM or relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
• Leading a technical team to proactively work with business units across the PCAOB to implement practices and ensure implementation of technological controls that meet agreed-on policies and standards for information security.
• Leading the development and implementation of effective frameworks, relevant policies, processes, and practices to secure protected and sensitive data in accordance with the PCAOB's Information Sensitivity Classification, ensuring compliance with relevant legislation and legal interpretation.
• Collaborating and coordinating with the CRO to identify, evaluate, and report on OERM organizational-level risk reports to the Board in areas such as legal and regulatory, IT, and cybersecurity risk, while supporting and advancing business objectives.
• Providing leadership supporting a team to streamline and maintain a modern compliance model for cybersecurity safeguards, including access controls, MFA, encryption, asset classification, change management, patch management, network segmentation, firewalls, detection technologies including network and endpoint security, insider threat protection, logging and network monitoring, and vulnerability management.
• Conducting and supporting regular internal and external security assessments, tabletop exercises, penetration tests, playbook development, and red/purple team exercises to proactively test the effectiveness of security controls, including OT Security Program Assessments and corrective action plans.
• Keeping abreast of security incidents and acting as primary control point during significant information security incidents; convening a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
• Maturing education and awareness programs and advising PCAOB leadership at all levels on security issues, best practices, and vulnerabilities.
• Examining impacts of new technologies on the PCAOB's overall information security; establishing processes to review implementation of new technologies to ensure security compliance.
• Performing the full range of supervisory duties, including resource allocation plans; evaluating employee performance; making recommendations for appointment and promotion; hearing and resolving complaints; identifying development and training needs of employees; and other related supervisory tasks.
Qualifications
Education/Technical Expertise
• Bachelor's degree or equivalent experience in information technology, engineering, computer science, cybersecurity, or related field.
• Minimum of 15+ years of experience in cybersecurity, with 5+ years in progressive leadership roles.
• Minimum of 7+ years of experience directly supporting reference architectures around Microsoft Technology environments.
• Minimum of 5+ years of Agile experience managing Scrum/Kanban teams and Agile methodologies/ceremonies.
• Minimum of 5+ years of experience with cloud computing/elastic computing across virtualized environments.
• Working knowledge of Data Loss Prevention (DLP) programs and best practices, including expertise in securing large, unstructured, and rapidly evolving data sets.
• Hands-on experience implementing NIST, ISO, SOX, PCI, or other frameworks.
• Working knowledge of security architectures and compliance best practices with Microsoft Azure, Cloud Access Security Brokers (CASB), and Zero-trust environments.
• Experience with contract and vendor negotiations and management, including managed services.
• Experience in planning, organizing, and developing IT security system technologies.
• Ability to explain information security, cyber security, and data privacy issues and programs to non-technical and non-expert audiences.
• Proven ability to develop, coach, and mentor staff, providing constant feedback and clear direction.
• Proven record of strategic planning, functional transformation experience, and conflict management.
• A self-starter able to administer several open, ongoing assignments at any one time, where some assignments are routinely unstructured, requiring autonomy and independent judgment.
• In-depth experience successfully harmonizing diverse and competing interests.
• Ability to clearly articulate a position with sound logic, supporting empirical evidence, and impartiality.
• Ability to effectively represent the organization to a variety of both internal and external constituencies, deconstruct complex challenges, and translate business needs into technology solutions.
• Occasional travel to the PCAOB's regional offices.
• Superior verbal and written communication skills.
Preferred Qualifications
• CISM, CISSP, CRISC, or other relevant certification.
Leadership/Management Skills and Abilities
• Ability to work in matrixed environments.
• Ability to work in Agile operating frameworks.
• Ability to flourish in environments of change to advance continuous improvement.
• Ability to drive a positive "tone at the top" of the organization and hold others accountable for doing the same.
• Ensures that their own behavior and the behavior of others are consistent with the highest ethical standards and align with the values of the organization.
• Must be able to motivate and inspire employees at all levels of the organization in order to enhance team commitment and individual performance.
• Proven ability to develop, coach, and mentor staff, providing constant feedback and clear direction.
• Ability to promote collaboration by unifying teams, setting common goals and incentivizing collaborative behavior.
• Demonstrated success in establishing and maintaining positive working relationships with others, both internally and externally, to achieve the goals of