After suffering the largest known U.S. government breach of personal information, the Office of Personnel Management is on the hunt for a new cybersecurity chief. The position, revealed on the federal government's job search site, marks the second new OPM information security role created since the agency disclosed the hack in June.
The new OPM chief information security officer will report to Chief Information Officer Donna Seymour, the agency’s top tech leader, who remains a target of blame for the breach.
Jeff Wagner, the current director of OPM's Security Operations Center, will stay on and report to the incoming CISO, OPM tells Nextgov. The new CISO, meanwhile, will oversee the center and IT security policy. OPM has had a job labeled CISO in the past -- but that individual only dealt with the policy piece. Andy Newton served in that capacity until May 30, five days before the attack was made public.
"OPM has elevated that position to lead both," an agency spokesman said in an email.
The prospective salary is pegged between $121,956 and $168,700.
The OPM CISO will be responsible for developing and executing an agency information security program that drives "an accountable, information security-conscious culture" and a "security infrastructure" compliant with federal, state and local regulations, according to the posting at USAJobs.gov.
Duties include replacing password logins with multifactor ID verification, requiring a user to enter a password and a smart card or real-time text message code. The attackers who broke into OPM's network last year allegedly needed only a stolen password to grab background check profiles detailing 21.5 million national security professionals and their family members.
The new chief’s managerial duties include supervising OPM data privacy, as well as providing guidance on cybersecurity initiatives at a national level. The agency CISO would create "governmentwide policies that support IT risk reduction for cyber security programs throughout the federal government," according to the job posting. The individual would also be in charge of responding to any cyberincidents.
To qualify for the gig, applicants need one year of specialized experience. By experience, OPM means time spent "investigating and resolving interagency cybersecurity incidents" in a way that allowed the operations to quickly bounce back, the job posting states.
In addition, the person's track record must demonstrate familiarity with leading-edge information security practices throughout a system's lifecycle, "including technology refresh and infusion of cybersecurity tools and systems," USAJobs.gov states.
Interested cyber pros have until Nov. 19 to apply.
The addition of Triplett -- a veteran of General Motors, Motorola and most recently, SteelPointe Partners, a consulting firm, according to his LinkedIn profile -- aligns with a 15-point cyber shape-up plan introduced in the aftermath of the OPM network intrusion.