Information Systems Security Manager

You've stumbled upon the rare B Corp government contractor! At TCG, we aim to prove that businesses can be good to their employees and responsible to their community while being profitable. We're an award-winning IT solutions provider to the Federal government seeking an Information Systems Security Manager to join our team.

US Citizenship is required for this role. In addition, the selected applicant must submit to a government background investigation and be favorably adjudicated before their first day.

This position is primarily remote but may require occasional in-person meetings for critical needs with advanced notice. The selected applicant must live within commuting distance of Washington, D.C.

The Information Systems Security Manager may lead and participate in the performance of security risk assessments, system threat assessments, vulnerability assessments, and penetration analyses of facilities, and computer networks; development and preparation of security plans, vulnerability assessments, and other plans; evaluation of information system and network access control, data integrity, and system virus and worm countermeasures associated with data processing, LAN, and WAN systems; use of state-of-the-art security evaluation and assessment technology, techniques, and tools.

RESPONSIBILITIES:

• Oversee the implementation and maintenance of security controls in alignment with NIST 800-53, ensuring the protection of organizational information systems.
• Conducts risk assessments and develops security plans based on NIST RMF and related publications.
• Maintain a strong understanding of current and emerging security threats and vulnerabilities, and how they relate to NIST guidelines
• Researches, develops, coordinates, maintains, and ensures compliance with end-user and technical security policies, standards, and procedures, including the System Security Plan (SSP), Incident Response Plan, and Disaster Recovery/COOP/Contingency Plan.
• Coordinates with the security and policy committee members to ensure that developed security policies and standards are technically sound and aligned with business needs.
• Serves as an authority for responding to policy issues and providing correct interpretation that maintains the security and integrity of the organization's security environment while meeting business objectives.
• Examines and reports on policy and standard compliance for computing platforms, operating systems, and networks.
• Specifies technical security requirements for new application developments; assesses the security impact of proposed system changes; coordinates with systems developers and engineers to configure, test, and deploy implemented system security solutions.
• Performs or oversees the performance of day-to-day security operations including, but not limited to, monitoring of audit logs and Intrusion Detection/Prevention devices, and ensuring effective tracking and reporting mechanisms are in place.
• Assists with network vulnerability "controlled penetration testing" assessments.
• Assist with activities associated with responding to a security-related incident or disaster recovery/business continuity.
• Prepares action plan and monitors corrective measures to maintain an adequate level of security to meet audit and regulatory requirements. Ensures that IA or IA-enabled software and hardware comply with appropriate security configuration guidelines. Ensures proper virus, malware, etc, protections are properly applied and maintained.
• Supports and maintains organization-wide information security training and awareness programs.
• Researches and coordinates with other agencies to be current with computer viruses, hoaxes, and system vulnerabilities affecting the agency.
• Analyzes and defines security requirements to meet government-mandated security policies.
• Identifies, implements, and assesses common security controls.
• Gathers, organizes, and documents technical information about an organization's mission, goals, and needs; existing security products; and ongoing programs in the multi-level security arena.
• Performs risk analyses, including risk assessments.

REQUIRED EXPERIENCE & SKILLS:

• A minimum of 8 years of experience related to Information Assurance with 3 years of experience conducting security control assessments and authorizations, ensuring compliance with federal regulations and NIST publications.
• Proven ability to develop and maintain security policies, standards, and procedures based on NIST guidelines and industry best practices.
• Strong understanding of NIST 800-37, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
• Must have knowledge and understanding of network security and firewall design principles; network protocols (e.g., TCP/IP, Telnet, FTP); and information security principles
• Should have experience in securing information systems and ensuring continued secure operations of information systems.
• Ancillary skills in systems development, quality assurance, or project management are desirable.
• Excellent verbal, written, graphical, and interpersonal communication skills
• Experience with working in multiple, concurrent projects
• Experience working in an agile, team-oriented, collaborative environment
• Strong analytical, problem-solving, planning, and decision-making capabilities
• Demonstrated professionalism in providing client support, including the ability to exercise good judgment, discretion, tact, and diplomacy
• Sound business ethics, including the protection of proprietary and confidential information
• Ability to work with all levels of internal staff, and outside clients and vendors

PREFERRED EXPERIENCE & SKILLS:

• Experience in an Agile/Scrum development environment and/or CSM
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) preferred.
• Experience working with federal agency offices

EDUCATION:

• Bachelor's degree preferred, preferably in Computer Science, Information Technology, or a related field. Experience may be substituted in the absence of a degree

TCG does not discriminate based on race, sex, color, religion, national origin, age, disability, caste, or veteran status.

Our B Corp mission is reflected in our benefits, including offerings like health care, 401K, parental leave, adoption assistance, financial planning services, student loan repayment assistance, and training budget. There's more, see for yourself.

TCG is recognized for treating employees well, in fact, in 2024 The Washington Post named TCG as a "Top Workplace" for the tenth straight year based on how our employees feel about the company, the benefits TCG offers, and the work/life balance that our staff achieves. Our CEO was ranked best, by TCG employees' votes, among all midsize companies in the Washington Post Top Workplace survey.

Try us ... we'll make you happy.

Internal title/grade: System Engineer, E4
Salary Range: $125,000 - $162,000