• Develop and maintain a comprehensive cybersecurity strategy and best-practice policies in collaboration with Digital Innovations and Technology leadership.
• Communicate network security status and updates to museum leadership.
• Establish governance frameworks to assign ownership and accountability for cybersecurity policies and compliance.
• Align policies and procedures with frameworks like PCI DSS, NIST, GDPR, and ISO 27001.
• Lead risk management efforts by identifying, analyzing, and addressing cybersecurity risks across the organization.
• Oversee the implementation of cybersecurity measures for software systems, development processes, and IT operations.
• Conduct regular compliance audits, vulnerability scans, and risk assessments, recommending corrective actions.
• Manage third-party risk assessments for critical service providers and cloud-based technologies.
• Develop, maintain, and execute the incident response plan, including investigation, communication, resolution, and post-incident analysis.
• Establish protocols for mitigating and responding to cyber-attacks and maintaining disaster recovery plans.
• Monitor and optimize log collection, SIEM tools, and threat detection systems for real-time response.
• Design and deliver comprehensive cybersecurity training programs, including phishing simulations and incident response protocols.
• Foster a culture of security awareness by integrating policy training into museum-wide initiatives.
• Work with internal teams, including HR, Facilities, and Protection Services, to align cybersecurity policies with organizational goals.
• Coordinate meetings, documentation, and evidence collection with internal and external stakeholders to support compliance and operational expectations.
• Represent the museum in peer communities through conferences, publications, and outreach.
• Develop and monitor security metrics and KPIs to provide actionable insights for strategic decision-making.
• Research and recommend solutions for emerging security trends and compliance regulations.
• Manage multiple projects, ensuring effective planning, execution, and adherence to departmental goals and budgets.
• Draft and oversee RFPs, SOWs, schedules, and contracts related to cybersecurity initiatives.

Required Qualifications

• Bachelor's degree in computer science, information technology, or related field (or equivalent experience).
• Minimum 6 years’ experience in cybersecurity, governance, risk, and/or compliance roles
• Deep knowledge of information security and compliance frameworks, including relevant regulations and standards such as GDPR, PCI DSS, NIST Cybersecurity, ITIL, CIS and ISO 27001.
• Experience developing, implementing, and monitoring cybersecurity policies and procedures to support compliance requirements and user awareness.
• Excellent oral and written communication skills, highly detail-oriented, and adept at working under pressure to meet deadlines while managing multiple projects simultaneously.
• Hands-on experience with a wide range of infrastructure hardware and systems includes network switches, routers, firewalls, server OS’s, virtualization, storage, cloud, Wi-Fi, phone systems, and external voice and data connections (such as Cisco, Meraki, Windows Server, Active Directory, Linux, VMware, Azure, Office 365).

​

Preferred Qualifications

• Relevant security, risk, or audit certification such as CISM, or CISSP (preferred)
• Ability to adapt and apply a continuous learning mindset by staying current with emerging security threats, trends, and technologies to improve the museum’s security posture.
• Strong proficiency in project and task management skills. Ability to clearly communicate objectives and milestones with regards to departmental goals and overall museum strategy.
• Experience in integrating security operations by developing IT practices and leading complex technology initiatives.
• Experience with implementing cloud-based security technologies and tools, including IDS/IPS, encryption, and endpoint security.
• Experience with implementing cybersecurity platforms and tools like attack surface analysis, vulnerability scanning, penetration testing, and MDR/XDR platforms and developing metrics that support strategic decision making.
• Experience with patch management, security assessment, SIEM systems, and asset protection monitoring.
• Expertise in continuous monitoring techniques performing security assessments, employing endpoint and asset protection, patch management tools, and security information and event management (SIEM) tools for real-time threat detection and response.

• Application Materials: Please submit a cover letter, resume, and contact information for 3 references.

​

• Full-time Benefits include:
• Partner level membership to CMA
  • Free, unlimited admission to select Cleveland Museum of Art ticketed exhibitions (two adult member tickets per visit, subject to availability)
  • 50% off admission to select ticketed exhibitions for members' guests
  • Free admission to select ticketed exhibitions for unlimited children, 17 and younger, when accompanied by a member
  • Priority registration and discounts for museum art classes for adults and children
  • 20% discount in the museum store
  • 10% discount in the museum restaurant and café
  • Annual subscription to Cleveland Art members magazine
• Free Garage Parking
• Your employment relationship with the museum qualifies you for free or discounted admissions to other cultural institutions such as the Natural History Museum, Botanical Gardens, The Cleveland Zoo, etc.
• Medical
• Dental
• Vision
• Life and Accidental Death and Dismemberment Insurance
• Voluntary Life
• Short Term Disability
• Long Term Disability
• HSA
• FSA