Chief Information Security Officer - IMAPS

Location: Hybrid: Lakewood, CO; Reston, VA and DOI’s Udall Building headquartered in downtown Washington, DC.

Job Category: Information Technology

Time Type: Monday through Friday, 7:00 AM to 4:00 PM Mountain time, 9:00 AM to 6:00 PM Eastern time, excluding Federal Holidays.

Potential for Telework: Yes

Minimum Clearance Required to Start: Standard Background Check

Employee Type: W2 or 1099

Citizenship: US Citizen

NexThreat is looking for a Chief Information Security Officer to lead in the implementation and management of information security controls that will increase the Agency’s overall information security posture. The successful candidate will be responsible for the integration of information security controls and overall information security awareness across all departments and units. The perfect candidate will be responsible for the compliance of IT systems, applications, and networks with security policies and information protection strategies; develop, publish, and maintain Agency information security policies, standards, procedures, and guidelines.

Responsibilities:

• Serve as a POC for Information System with security issues
• Coordinate security program and system elements with the agency IT Program Managers by evaluating system environments for security requirements and controls including IT Security Architecture, hardware, software, telecommunications, security trends, and associated threats and vulnerabilities
• Manage security controls to ensure confidentiality, integrity, and availability of information
• Build security into the system development process and define security specifications to Support the acquisition of new systems
• Serve as a key advisor in risk assessments of all systems and mitigate vulnerabilities
• Adhere to Continuous Monitoring practices to ensure that security controls are maintained over the life of IT systems
• Assist the System Owner in the development, testing, and maintenance of contingency plans, backup, and storage procedures
• Audit and monitor application, system, and security logs for security threats, vulnerabilities, and suspicious activities; document all procedures according to departmental standards
• Monitor and coordinate patch management and scanning techniques for all unit systems; participate in the identification and mitigation of all system vulnerabilities
• Ensure that Vulnerability and/or Compliance scans/reports are processed in accordance with the Continuous Monitoring plan/strategy
• Assist the Information System Security Manager (ISSM) in any other security-related duties, as required
  
  
  

Requirements:

• Be knowledgeable of Federal, Departmental, and security regulations
• Seven+ years of network or security operational experience, including at least 2 years in a senior management/Director level position in an IT enterprise environment, or cybersecurity-focused organization
• Significant and demonstrated capabilities to assess organizational cyber security hygiene, quantify cyber risk in a prioritized schema, and recommend tactical and strategic courses of action to executive leadership
• Experience in execution of cyber security uplift in government, financial services, or professional services industry
• Demonstrable knowledge of information security technologies, networking, and network and systems architecture
• Deep and hands-on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation/ remediation methods experience in cyber forensics and highly complex threat analyses
• Knowledge of common information security management frameworks, such as NIST or other data security standards or widely accepted information security recommended actions
• Excellent written and verbal communication skills
  
  
  

Certifications not required but preferred:

PMP CISSP (most preferred), CCSP, CIPP, CAP, CASP / GSLC / CISM/CSM or other industry-standard security certifications.