Zolon is seeking an Information Systems Security Manager to provide support to the Client's Cross Domain Support Office including governance of delivering cross-domain capability at mission speed, defending the classified networks, enabling federated cross-domain services, and developing cross-domain expertise throughout the Client's operating environment.
Tasks:
Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations Program.
Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture and on cost/benefit analysis of information security programs, policies, processes, systems, and elements. Advise appropriate senior leadership or authorized officials of changes affecting the organization's cybersecurity posture. Collect and maintain data needed to meet system cybersecurity reporting. Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
Ensure that security improvement actions are evaluated, validated, and implemented as required.
Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment and are integrated into the continuity planning for that system and/or organization(s). Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy.
Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. Evaluate cost/benefit, economic, and risk analysis in the decision-making process. Identify alternative information security strategies to address organizational security objectives.
Identify information technology (IT) security program implications of new technologies or technology upgrades. Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
Manage the monitoring of information security data sources to maintain organizational situational awareness. Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.
Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
Participate in an information security risk assessment during the Security Assessment and Authorization process. Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
Provide enterprise cybersecurity and supply chain risk management guidance for the development of the Continuity of Operations Plans.
Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
Recognize a possible security violation and take appropriate action to report the incident, as required. Recommend policy and coordinate review and approval.
Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
Use federal and organization-specific published documents to manage their computing environment system(s) operations.
Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
Participate in the Risk Governance process to provide security risks, mitigations, and input on another technical risk. Evaluate the effectiveness of the procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
Ensure that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals. Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, and compliance monitoring occurs).
Participate in the acquisition process as necessary, following appropriate supply chain risk management practices. Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
Forecast ongoing service demands and ensure that security assumptions are reviewed as necessary. Define and/or implement policies and procedures to ensure the protection of critical infrastructure as appropriate.
Clearance Requirement: TS/SCI
Certification Requirement: IAT, IAM, or IASAE Level 3