Job Description
Company: RK&K
Location: Washington, US
RK&K is seeking a Deputy Chief Information Security Officer to lead the development and execution of a dedicated cybersecurity program. Reporting directly to the Chief Information Officer, the Deputy CISO will be responsible for all cybersecurity operations, cyber risk management, security architecture, incident response, governance, compliance, and the long-term strategy required to protect RK&K’s people, data, systems, clients, and business operations.
This is a foundational leadership role. This position will be responsible for building a standalone cybersecurity function from the ground up. The Deputy CISO will separate cybersecurity responsibilities from traditional IT operations, establish clear ownership of security controls and risk decisions, and create a scalable security operating model that supports RK&K’s continued growth.
The Deputy CISO will partner closely with the CIO to define cybersecurity strategy, prioritize investments, strengthen cyber resilience, and align security initiatives with business objectives. This role requires a hands-on leader who can operate strategically while also building practical capabilities, policies, processes, tools, and teams.
Essential Functions
Cybersecurity Leadership and Strategy
• Serve as RK&K’s senior cybersecurity leader responsible for day-to-day cyber operations and execution of the firm’s cybersecurity roadmap.
• Partner with the CIO to develop, maintain, and execute a multi-year cybersecurity strategy aligned with RK&K’s business goals, client expectations, regulatory obligations, and risk appetite.
• Provide regular reporting to the CIO and executive leadership on security posture, risk trends, major initiatives, incidents, metrics, and investment needs.
• Advise the CIO on cybersecurity budget priorities, technology investments, staffing plans, vendor selection, and risk tradeoffs.
• Create annual and multi-year security plans with measurable goals, timelines, milestones, and success criteria.
• Represent cybersecurity in strategic technology planning, enterprise architecture decisions, digital transformation initiatives, acquisitions, client requirements, and major business initiatives.
Cyber Operations
• Develop and lead RK&K’s cyber operations program, including security monitoring, detection, response, vulnerability management, endpoint security, identity security, email security, cloud security, and threat management.
Governance, Risk, and Compliance
• Develop and lead RK&K’s cybersecurity governance, risk, and compliance program.
• Lead a formal cyber risk acceptance and exception process.
• Align cybersecurity compliance with contractual, regulatory, client-driven, and industry-specific cybersecurity requirements.
Security Architecture and Engineering
• Establish security architecture principles, standards, and review processes for infrastructure, applications, cloud services, networks, endpoints, and identity platforms.
• Partner with IT operations and enterprise architecture teams to ensure security is embedded into technology design and implementation.
Data Protection and Privacy Support
• Establish data protection strategies for sensitive business information, client data, employee data, financial data, intellectual property, and regulated information.
• Establish security requirements for document management, collaboration platforms, file shares, project data, client deliverables, and mobile access.
Incident Response, Resilience, and Business Continuity
• Develop incident response policies, plans, playbooks, communication templates, escalation matrices, and decision trees.
• Conduct tabletop exercises with executive leadership, IT, legal, HR, finance, communications, and business stakeholders.
• Establish ransomware readiness plans, including containment strategies, backup validation, recovery priorities, communication plans, and decision-making processes.
• Ensure backup environments are protected from compromise, unauthorized deletion, encryption by ransomware, and credential abuse.
• Define and maintain metrics for mean time to detect, mean time to respond, incident volume, root causes, recurring issues, and control failures.
Required Skills And Experience
• Bachelor’s degree in computer science, information technology, business administration, or related field.
• 10 or more years of progressive experience in information technology, cybersecurity, risk management, security engineering, infrastructure, or related disciplines.
• 5 or more years of cybersecurity leadership experience, including responsibility for security operations, incident response, governance, or cyber risk management.
• Experience developing cybersecurity strategy, roadmaps, policies, standards, operating models, and governance processes.
• Strong understanding of cybersecurity operations, including monitoring, detection, response, vulnerability management, endpoint security, identity security, and incident response.
• Experience with cyber risk assessments, risk registers, control maturity assessments, remediation planning, and executive risk reporting.
• Experience leading incident response activities, tabletop exercises, post-incident reviews, and cyber crisis coordination.
• Familiarity with enterprise security technologies such as SIEM, EDR/XDR, MDR, vulnerability management platforms, firewalls, email security, identity platforms, DLP, CASB, PAM, and cloud security tools.
• Strong knowledge of identity and access management, privileged access, multi-factor authentication, conditional access, single sign-on, and access reviews.
• Experience supporting security audits, client questionnaires, contract security requirements, cyber insurance, or compliance reviews.
• Ability to lead strategically while also operating hands-on in a developing security environment.
Preferred Skills And Experience
• Professional certifications such as CISSP, CISM, CISA, CRISC, GIAC, CCSP, CGRC, or similar credentials.
• Experience supporting organizations with distributed offices, remote employees, field operations, project-based work, or client-driven security requirements.
• Experience developing or overseeing managed detection and response, managed SOC, or co-managed security operations models.
• Experience with data classification, data loss prevention, records management, secure collaboration, and document protection.
• Experience with business continuity, disaster recovery, ransomware readiness, and backup resilience.
• Experience presenting cybersecurity risks, plans, and investment needs to executive leadership or board-level audiences.
• Experience leading organizational change, especially where security responsibilities are being separated from legacy IT operations.
Other Duties
This job description indicates the general nature and level of work, knowledge, skills, abilities, and other essential functions (as covered under ADA). It is not designed to cover or contain a comprehensive listing of all activities and duties required of the employee. Other duties are assigned as required.
What We Offer
RK&K offers excellent potential for career advancement and professional growth. We also offer attractive compensation packages commensurate with experience and a comprehensive benefits package including:
• Paid time off
• Matching 401(k) plan
• Student Loan Retirement Match Program
• Paid Holidays
• Tuition reimbursement
• Health, dental, vision, life, and disability insurances
• Paid parental leave
• Wellness programs and employee resource groups
• Career Development
• Much, much more!
Why RK&K?
As a full-service engineering and construction management firm, RK&K gives you the opportunity to directly impact the communities in which we live and work. What sets RK&K apart is an award-winning culture that has fostered a spirit of collaboration and trust for over 100 years. To its clients, the firm delivers concepts, processes, and outcomes designed for success. RK&K has earned its reputation as a trusted partner, responsive employer, and community steward.
Design your career at RK&K—Apply Today!
Visa Sponsorship: This position is not eligible for employer-sponsored work authorization. Applicants must be currently authorized to work in the United States without the need for current or future sponsorship.
Salary Range: $180K-$220K
Source: LinkedIn