Location: Hybrid: Lakewood, CO; Reston, VA and DOI’s Udall Building headquartered in downtown Washington, DC.
Job Category: Information Technology
Time Type: Monday through Friday, 7:00 AM to 4:00 PM Mountain time, 9:00 AM to 6:00 PM Eastern time, excluding Federal Holidays.
Potential for Telework: Yes
Minimum Clearance Required to Start: Standard Background Check
Employee Type: W2 or 1099
Citizenship: US Citizen
NexThreat is looking for a Chief Information Security Officer to lead the implementation and management of information security controls that will increase the Agency’s overall information security posture. The successful candidate will be responsible for the integration of information security controls and overall information security awareness across all departments and units. The candidate will also be responsible for the compliance of IT systems, applications, and networks with security policies and information protection strategies, and will develop, publish, and maintain Agency information security policies, standards, procedures, and guidelines.
Responsibilities:
Serve as a POC for Information Systems with security issues
Coordinate security program and system elements with the agency IT Program Managers by evaluating system environments for security requirements and controls including IT Security Architecture, hardware, software, telecommunications, security trends, and associated threats and vulnerabilities
Manage security controls to ensure confidentiality, integrity, and availability of information
Build security into the system development process and define security specifications to support the acquisition of new systems
Serve as a key advisor in risk assessments of all systems and mitigate vulnerabilities
Adhere to Continuous Monitoring practices to ensure that security controls are maintained over the life of IT systems
Assist the System Owner in the development, testing, and maintenance of contingency plans, backup, and storage procedures
Audit and monitor application, system, and security logs for security threats, vulnerabilities, and suspicious activities; document all procedures according to departmental standards
Monitor and coordinate patch management and scanning techniques for all unit systems; participate in the identification and mitigation of all system vulnerabilities
Ensure that Vulnerability and/or Compliance scans/reports are processed in accordance with the Continuous Monitoring plan/strategy
Assist the Information System Security Manager (ISSM) in any other security-related duties, as required
Requirements:
Be knowledgeable of Federal, Departmental, and security regulations
Seven+ years of network or security operational experience, including at least 2 years in a senior management/Director level position in an IT enterprise environment, or cybersecurity-focused organization
Significant and demonstrated capabilities to assess organizational cyber security hygiene, quantify cyber risk in a prioritized schema, and recommend tactical and strategic courses of action to executive leadership
Experience in execution of cyber security uplift in government, financial services, or professional services industry
Demonstrable knowledge of information security technologies, networking, and network and systems architecture
Deep and hands-on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/remediation methods; experience in cyber forensics and highly complex threat analyses
Knowledge of common information security management frameworks, such as NIST or other data security standards or widely accepted information security recommended actions
Excellent written and verbal communication skills
Certifications not required but preferred:
PMP, CISSP (most preferred), CCSP, CIPP, CAP, CASP/GSLC/CISM/CSM or other industry-standard security certifications.
Seniority level: Not Applicable
Employment type: Full-time
Job function: Information Technology
Industries: Computer and Network Security