Type

Type Details

Complete Description

The Director of Information Security is responsible for directing and supporting the development of our client’s security program. The Director of Information Security will acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall risk. The Director of Information Security will support the development and implementation of information security programs, policies, and procedures, including successful implementations. The Director of Information Security works closely with other leaders within our client’s team to develop and implement information security strategies that align with their goals and objectives.

EDUCATION & EXPERIENCE

Required

• Bachelor’s degree in computer science, IT security or related degree or equivalent experience.
• U.S. Citizenship.
• Must be able to receive a favorable Interim and adjudicated final Department of Defense (DoD) background investigation.
• 5 years of progressively responsible management experience leading IT security teams.
• 10 years of experience in cybersecurity and information technology administration.
• Experience in managing a National Institute of Standards and Technology (NIST), Federal Information Security Modernization Act (FISMA) security environment, and obtaining and maintaining ongoing authorizations.
• Experience integrating controls and practices based on NIST 800 series publications.
• Familiar with FedRAMP security framework and requirements.
• Familiar with STIG configuration standards and implementation of STIG mandated configurations.
• Familiar with the Federal Information Security Modernization Act (FISMA) Eligible to hold Department of Defense security clearance.

Preferred

• A background in information security or a related field and certification in information security (e.g., CISSP).
• Skills in Virtual Private Network (VPN) devices and encryption.
• Skills in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications.
• Ability to interpret Communications Security (COMSEC)
• Knowledge of laws, policies, procedures, or governance relevant to cybersecurity.

Key Responsibilities

• Responsible for the cybersecurity of a program, organization, system, or enclave.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with our client’s missions and goals.
• Advise senior management (e.g., Chief Information Security Officer, CISO) on cost/benefit analysis of information security programs, policies, systems, elements, and risk levels/security posture.
• Ensure cybersecurity requirements are integrated into the continuity planning for the system and our client.
• Ensure cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Monitor IT security program implications of new technology or technology upgrades.
• Oversee the information security training and awareness programs.

Overiew

• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Use federal and client specific published documents to manage operations of computing environment systems.
• Develop and implement information security strategies that align with the client's overall goals and objectives.
• This may involve identifying key information security metrics, developing information security policies and procedures, and implementing programs to improve information security for our client.
• Oversee the day-to-day operations of the information security department, including managing staff, ensuring compliance with regulatory requirements, and implementing process improvements.
• Conduct risk assessments to identify potential security threats and vulnerabilities to our client’s information assets. Based on the results of the assessments, they develop risk mitigation strategies to protect our client from these threats.
• Develop incident response plans to address security incidents, including data breaches or cyber-attacks.
• They also conduct regular drills to ensure that our client is prepared to respond to these incidents.
• Collaborate with other internal teams, including IT, legal, and compliance, to ensure that the information security program is consistent with other organizational goals and objectives. 
• Manage relationships with third-party vendors who support the information security program, such as security software vendors or managed security service providers.
• Ensure that the information security program complies with all regulatory requirements, including those related to data privacy and security.