Category
Information Technology
Job Location
Springfield, Virginia
Tracking Code
CMA 4939-585
Position Type
Full-Time/Regular
CALIBRE Systems Inc., an employee-owned Management Consulting and Digital Transformation Company is seeking a Information Systems Security Manager (Entry-level) that is responsible for the cybersecurity of a program, organization, system, or enclave.
The Systems Security Manager's responsibilities include, but are not limited to, the following:
- Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
- Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.
- Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
- Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
- Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
- Collect and maintain data needed to meet system cybersecurity reporting.
- Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
- Ensure that security improvement actions are evaluated, validated, and implemented as required.
- Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
- Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
- Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy.
- Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
- Evaluate cost/benefit, economic, and risk analysis in decision-making process.
- Identify alternative information security strategies to address organizational security objectives.
- Identify information technology (IT) security program implications of new technologies or technology upgrades.
- Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
- Interpret and/or approve security requirements relative to the capabilities of new information technologies.
- Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
- Lead and align information technology (IT) security priorities with the security strategy.
- Lead and oversee information security budget, staffing, and contracting.
- Manage the monitoring of information security data sources to maintain organizational situational awareness.
- Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.
- Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.
- Oversee the information security training and awareness program.
- Participate in an information security risk assessment during the Security Assessment and Authorization process.
- Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
- Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
- Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
- Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
- Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
- Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Required Skills
- Ability to use and understand complex mathematical concepts (e.g., discrete math).
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Required Experience
- US citizen
- IASAE, IAT, IAM Level 3 certification
- Associate's degree or higher from an accredited college or university in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
- Possible travel within the Continental United States (CONUS) and Outside CONUS (OCONUS).
CALIBRE and its subsidiaries are an Equal Opportunity Employer and supports transitioning service members, veterans and individuals with disabilities. We offer a competitive salary and full benefits package. To be considered, please apply via our website at www.calibresys.com. Come join our dynamic team. #CALIBRECareers