Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Information System Security Manager

C

Customer Value Partners

Information System Security Manager

Washington, DC
Full Time
Paid
Similar Jobs
  • Responsibilities

    Job Description

     

    CVP is seeking an Information System Security Manager to execute and support the implementation of a successful Cybersecurity program.

    RESPONSIBILITIES

    • Direct the day-to-day work for a team of Information System Security Officers.
    • Provide direction, guidance, and expertise in related to:
      • Assessment and Accreditation
      • Risk Management
      • Continuous Monitoring
      • Change Management
      • Vulnerability Management
      • Incident Response
      • Handling of Privacy-related and sensitive data.
    • Integrate information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements, ensuring a robust software quality control process, and establishing multiple sources (e.g., delivery routes, for critical system elements).
    • Identify critical infrastructure systems with information communication technology that were designed without system security considerations.
    • Advise and notify management (e.g., system owner, Chief Information Security Officer, (CISO), Chief Information Officer [CIO], and/or Authorizing Official (AO)) on:
      • Risk levels and security posture
      • Cost/benefit analysis of information security programs, policies, processes, systems, and elements
      • Changes affecting the organization's cybersecurity posture.
    • Support customers at the highest levels in the development and implementation of doctrine and policies, information security program management, and cybersecurity management.
    • Work with other stakeholders to implement information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands within systems and the enterprise.
    • Experience demonstrating strong analytical, troubleshooting and problem-solving skills for security information and event management.
    • Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.
    • Design, develop, engineer, and implement solutions to requirements.
    • Oversee and conduct complex risk analyses which also include risk assessment.
    • Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Assist client and team with responses to data calls and audits.
    • Identify measures or indicators of team performance and the actions needed to improve performance, relative to the cybersecurity goals of the organization.
    • Develop methods to monitor and measure risk, compliance, and assurance efforts.
    • Translate, track, and prioritize information needs and requirements into actionable work.
    • Stay abreast of new and emerging information technology (IT) and cybersecurity technologies.
    • Perform management and coordination tasks.
    • Support enterprise security activities, including information security program management and cybersecurity management.
    • Support information assurance, security assessment and authorization, and information security and privacy governance efforts, to include but not limited to:
      • Oversight of risk assessments
      • Creating and analyzing Security Plans, Operational Vulnerability Testing on systems and IT applications and services
      • Preparing Security Authorization Packages and Artifacts.

    QUALIFICATIONS

    • BS Degree in a computer discipline or BS Degree in management - plus 10 years of experience in computer security.
    • At least three years of management experience and five years of cybersecurity or information assurance experience.
    • CISSP Certification.
    • Experience demonstrating strong analytical, troubleshooting and problem-solving skills for cybersecurity.
    • Excellent communication skills, both written and oral.
    • Knowledge of NIST and FISMA guidelines.
    • Knowledge of NIST Cybersecurity and Risk Management frameworks and associated requirements.
    • Knowledge of cloud environments.
    • Knowledge of computer networking concepts and protocols, and network security methodologies.
    • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
    • Knowledge of cybersecurity and privacy principles.
    • Knowledge of cyber threats and vulnerabilities.
    • Knowledge of specific operational impacts of cybersecurity lapses.
    • Knowledge of business continuity and disaster recovery continuity of operations plans.
    • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
    • Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
    • Knowledge of incident response and handling methodologies.
    • Knowledge of industry-standard and organizationally accepted analysis principles and methods.
    • Knowledge of measures or indicators of system performance and availability.
    • Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
    • Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
    • Knowledge of server administration and systems engineering theories, concepts, and methods.
    • Knowledge of system life cycle management principles, including software security and usability.
    • Knowledge of information security program management and project management principles and techniques.
    • Knowledge of system administration, network, and operating system hardening techniques.
    • Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
    • Knowledge of Personally Identifiable Information (PII) data security standards.
    • Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
    • Knowledge of controls related to the use, processing, storage, and transmission of data.
    • Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
    • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

     

    DESIRED SKILLS

    • Experience with Security Assessment Tools (Tenable Nessus, DBProtect, Wireshark, WebInspect).
    • Understanding of Various Cloud Environments.
    • Knowledge of Personal Health Information (PHI) data security standards.
    • Knowledge of server administration and systems engineering theories, concepts, and methods.
    • Knowledge of resource management principles and techniques.
    • Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
    • Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
    • Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
    • Knowledge of enterprise incident response program, roles, and responsibilities.
    • Knowledge of current and emerging threats/threat vectors.
    • Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
    • Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
    • Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
    • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
    • Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).
    • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
    • Knowledge of penetration testing principles, tools, and techniques.

    Company Description

    Customer Value Partners (CVP) is an award-winning business and next-gen technology consulting company that helps organizations navigate disruption and prepare for a culture of Continuous Change. We solve critical problems for healthcare, national security, and public sector clients through innovative strategies and solutions which leverage technologies and industry expertise in areas including Technology Modernization, Health, Data Science & Engineering, Business Transformation, and Cybersecurity. CVP delivers unparalleled excellence to clients and employees through our strong culture of integrity, engagement, respect, and a passion for our clients’ missions. Customer Value Partners, Inc. is a VEVRAA Federal Contractor and an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability. Customer Value Partners seeks to provide employment opportunities for protected veterans and individuals with disabilities.

  • Industry
    Hospital and Health Care