The Manager, ISS - Cybersecurity is responsible for performing cybersecurity framework assessments, serving as a customer-facing CISO, and providing guidance on cyber policies and technical solutions.
Requirements
- Knowledge of applicable laws, statutes, and regulatory documents
- Knowledge of current and emerging cyber technologies
- Evaluates a system's compliance with IT security, resilience, and dependability requirements
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards
- Assesses the effectiveness of NIST 800-171/CMMC security controls
- Designs/integrates a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan
- Drafts, staffs, and publishes cyber policy
- Develops methods to monitor and measure risk, compliance, and assurance efforts
- Develops specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements
- Drafts statements of preliminary or residual security risks for system operation
- Maintains information systems assurance and accreditation materials
- Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan
- Performs security reviews and identifies security gaps in security architecture, resulting in recommendations for inclusion in the risk mitigation strategy
- Plans and conducts security authorization reviews and assurance case development for initial installation of systems and networks
- Verifies that application software/network/system security postures are implemented as stated, documents deviations, and recommends required actions to correct those deviations
- Assesses policy needs and collaborates with stakeholders to develop policies to govern cyber activities
- Monitors the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services
- Provides policy guidance to cyber management, staff, and users
- Reviews, conducts, or participates in audits of cyber programs and projects
- Supports the CIO in the formulation of cyber-related policies
- Interprets and applies applicable laws, statutes, and regulatory documents and integrates them into policy
- Promotes awareness of cyber policy and strategy as appropriate among management and ensures sound principles are reflected in the organization's mission, vision, and goals
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of emerging technologies that have potential for exploitation by adversaries
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity
- Knowledge of specific operational impacts of cybersecurity lapses
- Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues
Supervisory Responsibilities
- Serves as a member of the consulting group's management team
- Supervises, develops, and trains associates and senior associates
- Reviews and evaluates work prepared by associates and senior associates
- Trains associates and senior associates on how to use current software tools and Industry Specialty Services methodology
- Schedules and supervises workload of associates and senior associates
- Provides verbal and written performance feedback to associates and senior associates
- Acts as a Career Advisor to associates and senior associates
Benefits
- Paid Time Off
- Health Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Disability Insurance
- 401(k)
- Employee Stock Ownership Plan (ESOP)
- Flexible Work Arrangements
- Employee Discounts
- Professional Development Opportunities