Job Description

The intent of this job description is to provide a representative summary of the major duties, locations, and responsibilities performed by incumbent(s) in this job. Incumbent(s) may not be required to perform all duties in this description, and incumbent(s) may be required to perform work-related tasks other than those specifically listed in this description. This job description is not a “contract” between the employee and the Authority. The job duties and essential functions may be changed at the discretion of the General Manager.

GeneralJob Title:Director, Cyber Security ServicesJob Code:OA0423 Supervises Directly:YesNew or Revised:RevisedRegular or At-Will:At-WillDate:5/5/2026Exempt or Non-Exempt:ExemptCompensation Approval Signature: Union / Non-Union:Non-Union

Division

Department Name

Information Technology

IT-Information Security

Salary Schedule: Non-Union Salary RangeCost Center Code: 601015Grade:ESSBEssential Position:YesReports To:Vice-President, Information TechnologyEEO Code:Officials and AdministratorsWork FormatHybrid Who We Are & What We Do:

At DC Water, we provide more than 700,000 District of Columbia residents and 24.6 million annual visitors with essential water, wastewater, and stormwater services. DC Water also provides wholesale wastewater treatment services for 1.8 million people in Montgomery and Prince George's counties in Maryland, and Fairfax and Loudoun counties in Virginia. We aspire to be known for superior service, ingenuity, and stewardship to advance the health and well-being of our diverse workforce and communities. To achieve this vision, we commit to our shared mission every day—exceeding expectations by providing high quality water services in a safe, environmentally friendly, and efficient manner.

The Director, Cyber Security Services is responsible for identifying, assessing, and quantifying cybersecurity risks across the enterprise, encompassing both information technology (IT) and operational technology (OT) environments. This role evaluates, designs, develops, and oversees the implementation of cybersecurity and disaster recovery programs across all aspects of the Authority’s computing infrastructure to mitigate cyber risks and ensure the highest levels of cyber resilience. The Director, Cyber Security Services collaborates with a wide range of internal and external stakeholders, including IT and engineering leadership, security professionals, and regulatory partners such as WaterISAC, CISA, DHS, TSA, the FBI, and local law enforcement, as well as cybersecurity hardware and software vendors, to identify, plan, and implement physical and cybersecurity initiatives and programs that meet or exceed industry standards and Authority requirements.

Essential Duties & Responsibilities:

• Maintains awareness of industry specific developments regarding cybersecurity and assesses the impact on Authority systems and develops plans and schedules as necessary to ensure compliance. Monitors implementation plans for successful execution.

• Directs the Authority’s patch management and release management processes to ensure all systems are patched in a timely manner. Coordinates patching and maintenance with third party providers to ensure cloud solutions remain compliant.

• Conducts vendor risk assessments and ensures all IT vendors comply with Authority IT standards and guidelines, especially those related to cybersecurity.

• Leads risk management activities to enhance assessment and mitigate cyber risks for both IT and OT systems.

• Directs a network of security professionals and vendors via a matrix structure to evaluate, assess, and develop strategies regarding potential threats to the Authority’s computer and information infrastructure.

• Designs and implements protection goals, objectives, and metrics consistent with the corporate strategic plan to ensure the highest level of cyber resiliency; creates work breakdown structures (WBS), project plans, project cost estimates, project recommendations, status reports, and executive presentations focused on mitigating cybersecurity risks.

• Ensures security audits, risk analyses, vulnerability assessments, and network testing are conducted successfully.

• Directs the development and implementation of global security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security posture.

• Manages IT Assets and IT Inventory functions.

• Develops executive-level dashboards and reporting frameworks that clearly measure and communicate cyber risk, performance, and program maturity.

• Translates technical cybersecurity risks into clear business impacts and recommendations for executive leadership to support informed decision-making.

• Briefs leadership on the company’s cybersecurity posture, key risks, and mitigation strategies to ensure strong governance and alignment with risk tolerance.

• Collaborates with executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.

• Maintains relationships with local, state, and federal law enforcement and other related government agencies.

• Oversees incident response planning as well as the investigation of security breaches and assists with disciplinary and legal matters associated with such breaches as necessary.

• Directs activities of third party and internal resources in testing of cybersecurity protocols to ensure successful implementation and protections.

• Mentors the entire organization on security best practices by executing employee education/awareness programs.

• Ensures compliance with training initiatives designed to maintain enterprise-wide awareness levels.

• Leads the Cyber Threat Intelligence (CTI) Program by gathering and analyzing threat intelligence from a network of intelligence sources including but not limited to WaterISAC, DHS, the FBI, and others to ensure the Authority assets are properly secured.

• Guides enterprise strategic planning and operations related to cyber resiliency in collaboration with IT management.

• Prepares, champions, and manages the budget to support cyber resiliency capabilities for the enterprise.

• Works with outside consultants as appropriate to conduct independent security audits, assessment of security best practices and evaluation of products and services to meet a broad range of security needs for the Authority.

• Manages the IT Change Management process.

• Works with IT management on the design, implementation and testing of the enterprise Disaster Recovery Program and coordinates with the Emergency Management Group to ensure alignment with the broader Business Continuity Plan.

• Evaluates custom and third party hardware and software solutions from the perspective of security to ensure that all deployed solutions are secured in a manner consistent with the Authority’s approved security policies and procedures.

• Leads the Enterprises Incident Response team as it relates to issues concerning cybersecurity and/or business continuity and disaster recovery.

• Performs other duties and projects at the discretion of the Vice-President, Information Technology.

Supervisory Responsibilities: Directs a group of consultants and employees to ensure the security program and objectives are met.

Key Working Relationships: Interacts with Senior and Executive Level Staff members and employees throughout the Authority and representatives from other utilities and other government organizations and agencies.

Skills & Qualifications:

The qualifications listed below are representative of the knowledge, skill, and ability necessary for an individual to perform each essential responsibility satisfactorily. Reasonable amounts of training are provided.

Required Skills & Qualifications

Required Experience:

A minimum of ten (10) years of experience in the Information Technology field, including security, incident response, or a related area, with at least seven (7) years of management experience.

Minimum Education Requirements:Bachelor’s degree in Information Technology/Information Security Systems or a related technical field or the equivalent combination of education and experience consisting of a High School Diploma or General Educational Development certificate (GED) and a minimum of fourteen (14) years of experience in the Information Technology field, including security, incident response, or a related area, with at least seven (7) years of management experience. Required Skills: Must be able to communicate security-related concepts to a broad range of technical and non-technical staff.Experienced in business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.Excellent oral and written communications skills.Experience in leading organizations through compliance requirements. Required Licenses & Certifications: Must possess a CISSP or equivalent certification. Physical Requirements: General office conditions

Preferred Skills & Qualifications

Preferred Experience:N/A Preferred Education Requirements:N/A Preferred Skills:N/A

*The work environment characteristics described in the physical requirements section of the required skills & qualifications table are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential responsibilities.

Your Experience at DC Water

At DC Water, our people make us an industry leader. Join a group of thinkers, innovators, and problem solvers focused on protecting life’s most precious resource in the nation’s capital.

• Take pride in your work. We provide an essential service and do work that matters. A career at DC Water is an exciting opportunity to help improve the environment and make a lasting difference for the community.

• Connect to a strong culture. Everything we do is grounded in our shared values—accountability, trust, teamwork, customer focus, safety, and well-being.

• Be your true self. We are an inclusive organization that embraces diversity, and we recognize and celebrate employees’ individuality and unique contributions.

• Build your skills and career path. We are committed to developing a future-ready workforce by helping our employees develop skills for the jobs of tomorrow.

We are proud to be an EEO/AA employer M/F/D/V.

We maintain a drug-free workplace and perform pre-employment substance abuse testing.

The Americans with Disabilities Act prohibits discrimination against “qualified individuals with disabilities.”

If a reasonable accommodation is needed to participate in the job application or interview process, to

perform essential job functions, and/or to receive other benefits and privileges of employment, please

email complianceada@dcwater.com.