Vice President, Information Security (Hybrid)

Vice President, Information Security (Hybrid)

Westat is a leader in research, data collection and analysis, technical assistance, evaluation, and communications. Our evidence-based findings help clients in government and the private sector accelerate advancements in health, education, transportation, and social and economic policy. Our dedication to improving lives through research and our approach to projects grounded in investigative curiosity, statistical and data rigor, adaptive methods, and advanced technology are why clients find exceptional value in our work. Westat is seeking a Vice President, Information Security to join our Technology & Digital Solutions team, reporting directly to the CIO. The Vice President, Information Security is tasked with the oversight and management of the organization's information security program. This role entails the development and implementation of security policies, procedures, and strategies aimed at safeguarding the company's data, systems, and networks from cyber threats. The Vice President will lead a team of security professionals, conduct risk assessments and security audits, and ensure compliance with relevant regulations and standards. Success in this position requires extensive experience in information security, strong leadership capabilities, and effective communication skills with both technical and non-technical stakeholders. This position is based at Westat's Corporate headquarters in Rockville, Maryland until November 2025 and is hybrid, requiring 3 days on-site each week. Westat will be relocating to Bethesda, Maryland in December 2025.

Key Responsibilities :

• Strategy, Governance & Leadership
• Design and execute a comprehensive information security strategy.
• Communicate security risks and strategies to senior leadership.
• Create and maintain an annual budget for information security.
• Work closely with business units and departments, including legal.
• Conduct annual performance reviews and develop professional development plans.
• Provide coaching, leadership, and professional development for staff.
• Compliance, Risk & Asset Management
• Ensure compliance with laws, regulations, and standards (e.g., NIST, CMMC, FISMA, ISO27001, HIPAA, GDPR).
• Oversee compliance documentation (e.g., SSP, POA&M).
• Develop and implement risk mitigation plans.
• Maintain a comprehensive inventory of IT and information assets.
• Develop and enforce security policies, procedures, and standards.
• Security Operations & Incident Response
• Develop and maintain an incident response plan and conduct drills.
• Lead incident response efforts for detection, containment, and remediation.
• Plan and oversee annual penetration testing activities.
• Oversee the design and implementation of secure IT architecture.
• Security Awareness & Training
• Develop and deliver training programs to promote security awareness.

Basic Qualifications :

Preferred Qualifications :

Internally this position is documented at Vice President, Technology and Digital Solutions. Westat offers a well-rounded and comprehensive benefits program focused on wellness and work / life balance. Subject to plan requirements, employees may participate in :

This opportunity will be posted for a minimum of 5 days and applications will be accepted on an ongoing basis. Westat is an Equal Opportunity Employer and does not discriminate on the basis of race, creed, color, religion, sex, national origin, age, veteran status, disability, marital status, sexual orientation, citizenship status, genetic information, or any other protected status under applicable law. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.