Chief Information Security Officer

The Poarch Band of Creek Indians

Job Description

Posted on: January 20, 2025

Summary and company overview

Position Title: Chief Information Security Officer (CISO)

Overall Objectives of Position

The Chief Information Security Officer (CISO) is a senior-level executive responsible for defining, implementing, and overseeing the Poarch Band of Creek Indians' enterprise-wide information security program. This critical role ensures the protection of IT infrastructure, digital assets, and sensitive data against evolving cybersecurity threats while maintaining compliance with applicable regulations and standards. Reporting directly to the CIO, the CISO will lead the development of a strategic security vision, align security initiatives with organizational priorities, and collaborate with stakeholders to embed cybersecurity best practices across all levels of the organization. The role may include supervision of one or more security analysts as the security team grows to support the Tribe’s needs. The CISO will play a pivotal role in advancing a resilient, secure, and adaptive IT environment. This job description is not an all-inclusive list of duties and responsibilities of this position. The Chief Information Security Officer is expected to perform all duties and responsibilities necessary to meet the goals and objectives of applicable programs. The Chief Information Security Officer is expected to embody the Purpose and Values of the Poarch Band of Creek Indians and consistently demonstrate a commitment to excellence that exceeds expectations.

Responsibilities

  • Designs and implements a comprehensive, forward-looking information security strategy that aligns with the organization’s goals, objectives, and regulatory requirements.
  • Regularly assesses and updates the strategy to address evolving threats and organizational needs.
  • Establishes, maintains, and enforces security policies, standards, and procedures.
  • Ensures these policies are effectively communicated and integrated into daily operations to support a culture of cybersecurity awareness and compliance.
  • Conducts regular risk assessments to identify and mitigate potential vulnerabilities in the organization’s IT systems, applications, and infrastructure.
  • Oversees penetration testing, security audits, and vulnerability scans, and implements remediation strategies to address identified risks.
  • Designs and manages security monitoring, threat detection, and response processes.
  • Leads the organization’s response to cybersecurity incidents, ensuring timely investigation, containment, and resolution while minimizing impact and preserving evidence for further analysis.
  • Evaluates, selects, and implements cutting-edge security technologies to enhance the organization's defense mechanisms.
  • Areas of focus include, but are not limited to, network security, endpoint protection, identity and access management, and data loss prevention.
  • Ensures compliance with applicable laws, regulations, and standards, including HIPAA, NIST, PCI DSS, and others as relevant to the organization.
  • Works with legal and compliance teams to manage security audits and certification processes.
  • Works closely with internal stakeholders, including executives and department leaders, to ensure security initiatives align with organizational objectives.
  • Oversees cybersecurity awareness training programs to educate staff on best practices, phishing prevention, and other critical security topics.
  • Stays informed about emerging security trends, technologies, and threat vectors.
  • Adapts and refines security strategies and tools to maintain a proactive stance against potential threats.
  • Prepares regular reports and presentations on the organization’s security posture, risks, and key initiatives for the CIO, executive leadership, and Tribal Council.
  • Provides actionable recommendations to enhance cybersecurity resilience and drive informed decision-making.
  • As a part of the Tribe’s commitment to community service, the employee may be asked to perform other duties in the office or field as needed to support organizational objectives.

Day-to-day Responsibilities

  • Oversees daily operations of security tools and technologies, such as firewalls, intrusion detection systems (IDS), and security information and event management (SIEM) systems.
  • Reviews system alerts and logs to detect potential threats or breaches.
  • Responds to security incidents promptly, including identifying the source, mitigating damage, and implementing recovery strategies.
  • Conducts post-incident analysis to improve future response efforts.
  • Conducts routine risk assessments and vulnerability scans to identify potential security gaps.
  • Prioritizes and oversees the remediation of identified vulnerabilities.
  • Ensures compliance with organizational security policies, standards, and procedures.
  • Regularly reviews and updates policies to reflect changes in technology, threats, and regulations.
  • Works closely with the IT Engineering Services and Enterprise Systems Services teams to ensure security is integrated into all technology initiatives.
  • Provides guidance on secure system design and configuration.
  • Monitors compliance with applicable regulations, such as NIST, HIPAA, and PCI DSS.
  • Prepares and manages audits and reports for regulatory and compliance reviews.
  • Leads or coordinates security awareness training programs for employees to reduce human-related risks.
  • Addresses user questions and concerns regarding security best practices and tools.
  • Stays updated on emerging cybersecurity threats, trends, and technologies.
  • Implements proactive measures, such as threat hunting and penetration testing, to detect and mitigate potential risks.
  • Tracks progress on key security initiatives and projects.
  • Ensures alignment of daily activities with the overall cybersecurity strategy.
  • Evaluates and manages relationships with third-party vendors providing security solutions or services.
  • Ensures third-party providers adhere to organizational security policies and standards.
  • Maintains detailed documentation of security incidents, investigations, and resolutions.
  • Prepares regular reports on the organization's security posture for the CIO and executive leadership.
  • Addresses immediate security challenges and makes quick, informed decisions to protect the organization.
  • Develops solutions for improving security measures based on analysis and feedback.
  • Oversees the timely application of security patches and updates to ensure systems remain protected against known vulnerabilities.
  • Participates in meetings with executives, IT teams, and other departments to discuss security-related concerns, requirements, and strategies.

Job Requirements

Required Qualifications

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field required.
  • Minimum of five (5) years of experience as a Chief Information Security Officer or a similar senior-level role.
  • CISSP (Certified Information Systems Security Professional) certification required.

Preferred Qualifications

  • Master’s degree in Cybersecurity, Information Assurance, or a related field preferred.
  • CISM (Certified Information Security Manager) certification preferred.
  • CRISC (Certified in Risk and Information Systems Control) certification preferred.
  • CEH (Certified Ethical Hacker) certification preferred.
  • GIAC certifications (e.g., GSEC, GPEN, GCFA) preferred.

Additional commentary

  • Ability to work odd and irregular hours, as needed.
  • Must successfully pass the required criminal and character background check.
  • Ability to travel and participate in required training, leadership development, and other events.
  • Every applicant must complete an application provided by Human Resources. A resume will not be accepted in the place of an application.

Please note ALL individuals selected for employment are required to complete a background investigation. Individuals being placed in positions designated as child-sensitive or data-sensitive must successfully complete a background check prior to employment.

INDIAN PREFERENCE, SPOUSAL PREFERENCE, OR FIRST GENERATION: In the event more than one applicant meets the requirements, as stated in a job description, preference shall be given in the following order: (1) Tribal Member (2) First Generation Descendant of a Tribal Member (3) Spouse of Tribal Member (4) Indian (5) Non-Indian. In the event that a position of employment is funded in whole or in part by any federal grant and/or contract or other public funding, preference shall be given in the following order: (1) Indian (2) Non-Indian. In order to receive preference, the appropriate documentation must be submitted.
