What are the responsibilities and job description for the Security Advisor position at CNA?
JOB DESCRIPTION AND/OR DUTIES
Provide security for CNA’s classified, unclassified, and SCO networks and support the Security Operations Center (SOC) in various capacities.
Participate in the security incident response process and triage incidents for escalation to appropriate stakeholders.
Work with the Change Advisory Board (CAB) to identify changes that will impact information security controls.
Develop and implement processes for tracking key operational metrics.
Develop security policies and procedures to ensure that company assets are protected.
Develop, implement, and manage CNA’s classified information security/information assurance programs in accordance with the NISPOM, DAAPM, and other government regulations and guidance. Ensure compliance with all applicable DoD, NISPOM, DCSA, DISA STIGs, NSA and other applicable security requirements and regulations.
Manage and lead certification and accreditation (C&A) activities. Develop and maintain security plans, plans of action and milestones (POAMs), and other associated compliance documentation in support of government regulation and contract requirements. Lead internal compliance reviews and self-inspections and disseminate compliance status information to pertinent staff for remediation.
Develop and manage system security plans to include Risk Management Framework (RMF) documentation for classified systems and networks including SIPRNet. Perform and manage certification and accreditation (C&A) and risk assessment activities. Manage classified system compliance activities and ensure classified system authorizations (e.g., ATOs, ATCs, etc.) remain in effect, to include accredited standalone systems. Manage the vulnerability assessment process and ensure STIGs are applied properly.
Develop and manage vulnerability and risk assessment processes. Ensure vulnerability and risk management processes are operating effectively. Develop and publish metrics and reports on the vulnerability and risk posture of CNA’s unclassified computing environments.
Conduct risk analyses to assess potential security risks to ensure compliance with policies and that risk is managed to accepted tolerances.
Coordinate with federal, state and/or local law enforcement agencies to prevent crime and respond to emergencies.
Perform other duties as assigned.
JOB REQUIREMENTS
Education: Bachelor’s degree in information security, computer science or related field or equivalent combination of education and work experience required.
One or more of the following certifications required: ISACA Certified Information Security Manager; Certified Information Privacy Professional (CIPP); Microsoft Certified Systems Engineer – Security; (ISC)² SSCP; (ISC)² CISSP; (ISC)² ISSAP. Advanced degree preferred.
Experience: Minimum 10 years demonstrated experience in IT and IT security related functions.
Experience in progressively responsible positions within an enterprise security environment, including experience with or knowledge of: NIST cyber and information security policy and guidance (e.g., NIST 800-53, NIST 800-171, etc.) and DoD security policy, Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual, guidelines, and directives.
Expertise with DoD security policy, guidelines and directives, DoD classification management principles, computer and network security, information security, Intelligence Community Directives, Navy Information and Personnel Security Program Regulation and Navy Security Classification Guidance Series.
Skills: Must have proficiency in a variety of computer software applications in word processing, spreadsheets, and databases. Must know and be able to take all actions required to ensure compliance with all Government security regulations and contractual requirements. Excellent communication and interpersonal skills with the ability to generate trust and build relationships. Ability to work effectively with cross-functional teams and manage multiple projects simultaneously. Must be able to make decisions to advise staff on appropriate actions regarding all security-related actions.
Due to the nature of the work, some on-call availability outside of normal working hours is needed.
Clearance: Ability to obtain and maintain a Top-Secret level security clearance upon hire.
Hybrid Work Eligibility: This position may be eligible for telecommuting or hybrid work arrangements at the discretion of the Supervisor. Employees may be required to work at CNA headquarters or other work locations resulting in changes to the scheduled telecommuting or hybrid work arrangements.