Requisition #: OV-MGT-001-2 (NCR)

Job Title: Information Systems Security Manager - Intermediate

Job Description:

LOCATION:  National Capital Region - Washington, DC or Northern Virginia

EXPERIENCE LEVEL: Intermediate

CLEARANCE: TOP SECRET/SCI

WORK ROLE DESCRIPTION:

Responsible for the cybersecurity of a program, organization, system, or enclave

TASKS:

• T0001: Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
• T0002: Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.
• T0003: Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
• T0004: Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
• T0005: Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
• T0024: Collect and maintain data needed to meet system cybersecurity reporting.
• T0025: Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
• T0044: Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
• T0089: Ensure that security improvement actions are evaluated, validated, and implemented as required.
• T0091: Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• T0092: Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).
• T0093: Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
• T0095: Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy.
• T0097: Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• T0099: Evaluate cost/benefit, economic, and risk analysis in decision-making process.
• T0106: Identify alternative information security strategies to address organizational security objective.
• T0115: Identify information technology (IT) security program implications of new technologies or technology upgrades.
• T0130: Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.
• T0132: Interpret and/or approve security requirements relative to the capabilities of new information technologies.
• T0133: Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• T0134: Lead and align information technology (IT) security priorities with the security strategy.
• T0135: Lead and oversee information security budget, staffing, and contracting.
• T0147: Manage the monitoring of information security data sources to maintain organizational situational awareness.
• T0148: Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.
• T0149: Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.
• T0151: Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection.
• T0157: Oversee the information security training and awareness program.
• T0158: Participate in an information security risk assessment during the Security Assessment and Authorization process.
• T0159: Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• T0192: Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
• T0199: Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
• T0206: Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.

ABILITIES:

• A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
• A0161: Ability to integrate information security requirements into the acquisition process; using applicable baseline security controls as one of the sources for security requirements; ensuring a robust software quality control process; and establishing multiple sources (e.g., delivery routes, for critical system elements).
• A0170: Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

EDUCATION:

Prefer an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.

CERTIFICATION(S):

CISSP-ISSMP or GSLC - IAT, IAM, or IASAE Level 3

Please fill out the short application form below. If you have applied for a position with RiVidium in the past, we will know by querying your email address within our database once you submit the form. At that time we will ask you if you would like to use the resume we have on file to apply for the position described above. You will also have the option to submit a new resume if you wish to do so.