The DHS Chief Information Security Officer (CISO) reports directly to the DHS Chief Information Officer, serves as the Department-wide Information Systems Security Manager (ISSM), and is the principal advisor for IT security matters.
- Issues Department-wide IT security policy, guidance, and architecture requirements for all DHS IT systems and networks.
- Implements and manages the Department-wide IT Security Program and ensures compliance with FISMA and OMB requirements.
- Serves as the principal Departmental liaison with organizations outside the DHS for matters relating to IT security.
- Reviews and approves the tools, techniques, and methodologies planned for use in certifying and accrediting DHS IT systems. This includes Security Test and Evaluation (ST&E) plans, contingency plans, and risk assessments.
- Reviews requests for waivers and exceptions to DHS IT security policy.
- Consults with the DHS Chief Security Officer on matters pertaining to physical security, personnel security, information security, investigations, and SCI systems, as they relate to IT security and infrastructure.
- Briefs the DHS Chief Information Officer and senior management on the status and outcome of ongoing and completed computer security incidents.
- Periodically tests and evaluates the effectiveness of information security policies, procedures, and practices.
- Develops and implements procedures for detecting, reporting, and responding to computer security incidents.
- Ensures preparation and maintenance of plans and procedures to provide continuity of operations for information systems.