What are the responsibilities and job description for the Senior Cybersecurity Analyst/Information Security Manager position at Konane Solutions?
Job Details
Senior Cybersecurity Analyst/Information Security Manager. The candidate will be responsible for overseeing and implementing robust cybersecurity measures to safeguard the confidentiality, integrity, and availability of the organization's information systems and their data. The individual will lead a team of cybersecurity professionals, ensuring adherence to industry standards and federal regulations, with a focus on continuous improvement and proactive risk management.
Responsibilities Include:
- Supervise and mentor a team of cybersecurity analysts, fostering a collaborative and effective work environment.
- Oversee the development and execution of cybersecurity training programs for staff.
- Plan, coordinate, and implement security measures to protect information systems.
- Develop, monitor, and conduct testing of cybersecurity plans and controls using government-approved tools and methods.
- Create, update, and enforce cybersecurity policies, including but not limited to EHSS Security Policies, Privacy Plans, and Configuration Management Plans.
- Ensure compliance with National Institute of Standards and Technology (NIST) guidelines, including NIST 800-37, 800-53, CNSSI, and other federal requirements.
- Lead incident response efforts, ensuring timely and effective resolution of cybersecurity incidents.
- Manage vulnerability assessments and Plan of Action and Milestones (POA&M) processes.
- Develop and document residual risk and risk assessment statements.
- Stay informed about the latest cybersecurity trends, including Zero Trust Architecture, cloud requirements, and Continuous Diagnostics and Mitigation/Continuous Monitoring.
- Recommend and implement improvements in cybersecurity tools and processes.
Education and Certifications:
- Bachelor's degree (or six years of directly relevant experience) from an accredited university or college in Information Technology with an emphasis in Cybersecurity, Information Assurance, or a similar field.
- GIAC Information Security Professional (GISP) and/or ISC2 Certified Information Systems Security Professional (CISSP) or equivalent certification.
Experience:
- Minimum of five (5) years of experience in planning, coordinating, and implementing security measures for information systems.
- Minimum of two (2) years of supervisory experience in a cyber/IT security role.
- Proficiency in developing, monitoring, and testing cybersecurity plans and controls.
Skills and Knowledge:
- Extensive knowledge of SA&A policy, procedures, and processes.
- Thorough understanding of cyber policies and practices, including NIST Special Publications.
- Expertise in Incident Response, vulnerability management, and Zero Trust Architecture (ZTA).
- Strong analytical and problem-solving skills.
- Excellent communication and documentation skills.