Develop, implement, and maintain a comprehensive information security program that includes policies, procedures, and guidelines to protect the organization's information assets.
Regularly review and update the information security program to ensure it remains effective and aligned with industry best practices and regulatory requirements.
Ensure that the organization's information systems comply with all applicable security regulations and standards, including NIST, FISMA, and the Joint Special Access Program Implementation Guide (JSIG).
Conduct regular audits and assessments to verify compliance and address any identified gaps.
Lead the implementation and maintenance of security controls, such as access controls, data encryption, and vulnerability management.
Collaborate with IT and other departments to integrate security controls into existing and new systems.
Manage the organization's security incident response process, including the investigation of security incidents and coordination with internal and external stakeholders to resolve incidents.
Develop and maintain an incident response plan, conduct regular drills, and ensure all relevant personnel are trained on incident response procedures.
Provide guidance and support to technical teams in the development and implementation of security solutions and technologies.
Stay current with emerging security trends, threats, and technologies to provide informed recommendations.
Conduct security risk assessments to identify potential threats and vulnerabilities.
Develop and implement risk mitigation strategies to address identified risks, including the creation of risk management plans and the prioritization of security initiatives.
Generate and maintain documentation required for Risk Management Framework (RMF) processes, including Standard Operating Procedures (SOPs), security plans, risk assessments, and Plans of Action and Milestones (POA&M).
Requirements:
Candidates must have an active TS/SCI clearance with the ability to obtain CI Poly.
IAM Level III certification (GSLC, CISM, CISSP, CCISO), or ability to obtain certification within six months of hiring.
Bachelor's degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering) is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement.
8 years of experience in cybersecurity or a related field, with prior experience in a leadership role.
2+ years of cybersecurity experience in the Department of Defense (DoD) or Intelligence community.
Strong knowledge of cybersecurity principles, tools, and techniques.
Security+ or equivalent (DoD 8570) if the candidate does not currently hold one of the IAM Level III certifications listed above.
Preferred Qualifications:
Experience with federal information systems, Special Access Programs (SAPs) or Intelligence Community (IC).
Knowledge and/or understanding of the Joint Special Access Program Implementation Guide (JSIG).