DescriptionOverview RTI International is an independent, nonprofit research institute dedicated to improving the human condition. Our vision is to address the world's most critical problems with science-based solutions in pursuit of a better future. Clients rely on us to answer questions that demand an objective and multidisciplinary approach—one that integrates expertise across the social and laboratory sciences, engineering, and international development. Our staff of nearly 6,000 works in more than 75 countries—tackling hundreds of projects each year to address complex social and scientific challenges on behalf of governments, businesses, foundations, universities, and other clients and partners. We are seeking a Vice President, Information Security - Chief Information Security Officer (CISO) to provide Cybersecurity guidance, advice and monitoring to the CIO, RTI’s Executive team and Board of Governors. By integrating best industry practices, the CISO will ensure the Institute remains resilient against Cyber Security threats and preserves from Institutional impacts. Key responsibilities include developing a comprehensive Institute Global Cybersecurity Strategy and Approach that balances effective client work execution with stringent security guidelines for both client and Institute enterprise data. The CISO will maintain an independent perspective by reporting to the General Counsel in a dotted line capacity, fostering close collaboration with the legal team and all RTI’s Risk Management functions. In this role, the CISO will spearhead critical cybersecurity initiatives such as Data Loss Prevention (DLP) and Network Access Control (NAC), enhancing RTI's security posture through cutting-edge technological solutions. The CISO will also work collaboratively to select and implement security measures that meet compliance and contractual requirements, address vulnerabilities, and defend against security breaches. To be successful in this role, you will possess the following skills and abilities: Leadership and Collaboration: Ability to work with Executive and Board of Governors Level. Team-oriented and skilled in working within a collaborative environment. Ability to work well with others. Analytical and Problem-Solving: Proven analytical and problem-solving abilities. Ability to conduct research into IT security issues and products. Keen attention to detail and accuracy. Communication: Excellent written, oral, and interpersonal communication skills. Ability to present ideas in business-friendly and user-friendly language. Personal Attributes: Highly self-motivated and directed. Ability to prioritize multiple tasks. Ability to work independently. Ability to keep information strictly confidential when necessary. Ability to obtain proper security clearances as noted by contracts. Flexibility and Adaptability: Ability to travel as needed to domestic and international locations Responsibilities Essential Duties: Collaboration and Communication: Interfaces with Global Technology Solutions (GTS) teams and business unit (BU) leaders to enhance enterprise security and ensure compliance. Interfaces with BUs and GTS teams to implement and maintain cybersecurity measures for client data. Engages external cybersecurity advisors for independent advice to Executives and the Board of Governors. Develops and communicates security strategies and plans to staff, partners, and stakeholders. Collaborates with IT Compliance for enforcement of security policies and user access plans. Advises and educates executives, management teams, and end users on security importance and benefits. Collaborates with IT department leads to maintain RTI data and asset security. Collaborates with Privacy and Compliance officers to ensure compliance with security and privacy policies. Promotes and maintains strategic security relationships with internal and external entities, including vendors and partners. Security Management and Implementation: Participates in IT cybersecurity initiatives, including DLP, NAC, Vulnerability Management, and Threat Analysis. Participates in planning efforts to achieve business goals through security technology management. Reviews and administers all computer security systems and associated software. Manages vulnerability assessments, penetration tests, and security audits. Responds to investigation requests from Legal and Compliance and provides first-level response to security incidents. Implements security metrics to measure RTI's security posture effectiveness. Assesses and communicates security risks associated with company practices. Stays informed on security industry trends and emerging technologies. Strategic and Operational Oversight: Provides input into the security annual budget for purchasing, staffing, and operations. Supervises recruitment, development, retention, and organization of security staff. Provides mentoring, guidance, and performance reviews for staff. Ensures staff development, career progression, and high morale. Guides promotion and succession processes. Holds strategic and operational accountability for managed groups. Interacts with senior levels of the organization to develop and deliver accountability. Contributes to strategic and operational issues with senior managers. Provides full oversight of the function, leveraging new methodologies to advance the business. Leads the development of the function, ensuring sufficient resources and skill sets. Identifies and implements improvements in work processes. Manages staff through performance planning, development, and evaluation processes. Ensures practices to drive high staff morale and retention. Scientific/Technical Management: Writes and reviews proposals, mentors staff, and participates in business development activities. Leads or supports complex projects and mentors staff in project leadership. Oversees the development and adherence to standard operating procedures. Ensures professional credibility with key organizations. Helps develop the scientific and/or professional stature of staff. Qualifications Bachelor's Degree and 20 years of experience, Master's degree and 16 years of experience, PhD and 12 years of experience, or equivalent combination of education and experience. Preferred Technical Knowledge: Technical knowledge of infrastructure, application, and cloud security models. Knowledge of information security standards, rules, and regulations related to information security and data confidentiality on a global perspective. Knowledge of relevant legal and regulatory requirements, such as HIPAA and FISMA. Excellent knowledge of MS Word, Outlook, PowerPoint, Excel. Core Competencies Performance Management Business Process Improvement Team Management and Team Building Internet of Things (IoT) Security Cyber Security Information Security Audits Information Security Technologies Network and Internet Security Security Systems Risk Assessment EEO & Pay Equity Statements For San Francisco, CA USA Job Postings Only: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Further information is available here. RTI accepts applications to our job openings from candidates with criminal histories or conviction records in accordance with all applicable laws, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. For Applicants in Massachusetts Only: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. The anticipated pay range for this role is listed below. Our pay ranges represent national averages and may vary by location as a geographic differential may be applied to some locations within the United States. RTI considers multiple factors when making an offer including, for example: established salary range, internal budget, business needs, and education and years of work experience possessed by the applicant. Further, salary is merely one element to our offer. At RTI, we demonstrate our commitment to rewarding individual and team achievement through a total rewards package. This package includes (among other things) a competitive base salary, a generous paid time off policy, merit based annual increases, bonus opportunities and a robust recognition program. Other benefits include a competitive range of insurance plans (including health, dental, life, and short-term and long-term disability), access to a retirement savings program such as a 401(k) plan, paid parental leave for all parents, financial assistance with adoption expenses or infertility treatments, financial reimbursement for education and developmental opportunities, an employee assistance program, and numerous other offerings to support a healthy work-life balance. Equal Pay Act Minimum/Range $243,000 - $301,000
ResponsibilitiesEssential Duties: Collaboration and Communication: Interfaces with Global Technology Solutions (GTS) teams and business unit (BU) leaders to enhance enterprise security and ensure compliance. Interfaces with BUs and GTS teams to implement and maintain cybersecurity measures for client data. Engages external cybersecurity advisors for independent advice to Executives and the Board of Governors. Develops and communicates security strategies and plans to staff, partners, and stakeholders. Collaborates with IT Compliance for enforcement of security policies and user access plans. Advises and educates executives, management teams, and end users on security importance and benefits. Collaborates with IT department leads to maintain RTI data and asset security. Collaborates with Privacy and Compliance officers to ensure compliance with security and privacy policies. Promotes and maintains strategic security relationships with internal and external entities, including vendors and partners. Security Management and Implementation: Participates in IT cybersecurity initiatives, including DLP, NAC, Vulnerability Management, and Threat Analysis. Participates in planning efforts to achieve business goals through security technology management. Reviews and administers all computer security systems and associated software. Manages vulnerability assessments, penetration tests, and security audits. Responds to investigation requests from Legal and Compliance and provides first-level response to security incidents. Implements security metrics to measure RTI's security posture effectiveness. Assesses and communicates security risks associated with company practices. Stays informed on security industry trends and emerging technologies. Strategic and Operational Oversight: Provides input into the security annual budget for purchasing, staffing, and operations. Supervises recruitment, development, retention, and organization of security staff. Provides mentoring, guidance, and performance reviews for staff. Ensures staff development, career progression, and high morale. Guides promotion and succession processes. Holds strategic and operational accountability for managed groups. Interacts with senior levels of the organization to develop and deliver accountability. Contributes to strategic and operational issues with senior managers. Provides full oversight of the function, leveraging new methodologies to advance the business. Leads the development of the function, ensuring sufficient resources and skill sets. Identifies and implements improvements in work processes. Manages staff through performance planning, development, and evaluation processes. Ensures practices to drive high staff morale and retention. Scientific/Technical Management: Writes and reviews proposals, mentors staff, and participates in business development activities. Leads or supports complex projects and mentors staff in project leadership. Oversees the development and adherence to standard operating procedures. Ensures professional credibility with key organizations. Helps develop the scientific and/or professional stature of staff
QualificationBachelor's Degree and 20 years of experience, Master's degree and 16 years of experience, PhD and 12 years of experience, or equivalent combination of education and experience. Preferred Technical Knowledge: Technical knowledge of infrastructure, application, and cloud security models. Knowledge of information security standards, rules, and regulations related to information security and data confidentiality on a global perspective. Knowledge of relevant legal and regulatory requirements, such as HIPAA and FISMA. Excellent knowledge of MS Word, Outlook, PowerPoint, Excel. Core Competencies Performance Management Business Process Improvement Team Management and Team Building Internet of Things (IoT) Security Cyber Security Information Security Audits Information Security Technologies Network and Internet Security Security Systems Risk Assessment