Director of Information Security


RFA is currently seeking a Director of Information Security, who will be responsible for developing, implementing and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. The Director of Information Security will provide the vision and leadership necessary to manage the risk to the organization and will ensure business alignment, effective governance, system availability, integrity and confidentiality. This position reports to the Chief Technology Officer (CTO).


  • Provides the direction for RFA’s data and cybersecurity protection, and oversees security governance and policies.
  • Develops, maintains and publishes up-to-date security strategy, policies, standards and guidelines. Oversees training and dissemination of security policies, practices, and awareness programs.
  • Develops, oversees and implements effective disaster recovery policies and standards to align with company business continuity plans.
  • Evaluates potential security breaches, coordinates incident response, and recommends corrective actions.
  • Performs periodic audits and due diligence checks of security protocols, evaluating systems for vulnerabilities.
  • Provides strategic risk assessment & guidance for IT projects, including evaluation and recommendation of technical controls and mitigation strategies.
  • Collaborates with IT and compliance team(s) as needed, and coordinates the IT component of both internal and external audits, federal examinations to ensure security programs are in compliance with relevant laws, regulations, and policies.
  • Evaluates new cybersecurity threats and IT trends and develops effective security controls.
  • Define and report on information security metrics.
  • Supervise staff as assigned in the performance of their job duties.
  • Ensures accomplishment of all objectives in accordance with RFA policies, procedures, and strategic direction, as well as applicable regulatory standards
  • Maintains current knowledge of industry and regulatory trends and developments for enterprise technology.
  • Performs other duties as assigned.


  • Bachelor’s degree from an accredited institution, with a degree preferred in Computer Science or Information technology systems security or related field. Master’s degree preferred.
  • Minimum of ten (10) years of experience in a field directly-related to the title of the position .
  • Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification required.
  • Knowledge of security administration and information technology governance in a multi-platform environment.
  • Experience in establishing cybersecurity and risk metrics for reporting.
  • Strong emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
  • Demonstrated management skills, e.g., budget development and administration, policy development and implementation, personnel administration, staff training and development.
  • Demonstrated ability to work in a diverse, multicultural environment; effective oral and written communication skills.
  • Capable of lifting/carrying 20 lbs. and occasionally up to 50 lbs.; some physical activity required.

RFA is an equal opportunity employer committed to workforce diversity.
RFA encourages all qualified individuals to apply. If hired, the candidate must provide proof of eligibility to work in the U.S. as an employee of RFA. RFA reserves the right to reconsider or withdraw any offer of employment to any candidate whose authorization to work in the U.S. as an employee of RFA, or extension of such authorization, would require RFA to file or support a petition or related documentation.

How to apply: Send résumé with cover letter referencing "Director of Information Security" in subject line via e-mail to or fax to 202-530-7797.

View Full Site