Manager, Governance Risk - Laurel - Johns Hopkins Applied Physics Laboratory (APL)

Description

Are you interested in being part of a forward thinking Cybersecurity program?

Are you inquisitive and analytical with expertise in Cybersecurity Governance, Risk, and Compliance?

If so, we 're looking for someone like you to join our team at APL.

We are seeking a Supervisor for our Governance, Risk, and Compliance (GRC) section to provide vision, direction, and leadership for cybersecurity oversight and maintenance of Federal Information Systems Management Act (FISMA) compliant security programs supervise a team of cybersecurity analysts in a matrix organization partnering with cyber architecture & engineering, cyber hunt & incident response, and operational cyber research.

As a cybersecurity subject matter expert, you will support innovation and digital transformation across the Laboratory. Manage our enterprise Vulnerability Management program and proactively identify and lead opportunities to reduce vulnerabilities across IT systems and emerging platforms like cloud and Internet of Things. Use your comprehensive understanding of evolving tactics, techniques, and procedures used by Nation State adversaries to assess and determine risk to the organization. Work with IT compliance stakeholders to assess risks and provide relevant technical guidance in order for stakeholders to make effective decisions.

As the Supervisor for our Governance, Risk, and Compliance (GRC) section you will...

• Maintain formalized IT Governance framework for APL's unclassified network. Review existing IT compliance controls for regulatory updates and perform necessary gap analysis create and participate in various internal and external audit and compliance activities. Monitor compliance with and develop organizational security policies and procedures for compliance with FISMA and NIST 800-53, NIST 800-171, HIPAA, as well as developing and evolving government regulations. Review and provide input on contracts for compliance. Create and maintain Systems Security Plans and document monitor and report on status of POA&M items. Present briefings to senior management.
• Develop and enhance processes, work flows, and documentation for monitoring compliance and privacy requirements.
• Participate in project and cross-functional security teams requiring interaction with system administrators, networking staff, application developers, IT operations staff, and cyber research and development areas within the organization in order to identify and implement information assurance controls and risk mitigation techniques for IT operations.
• Work effectively with all levels of management and staff and participate in project and cross-functional security teams within the organization in order to identify and implement information assurance controls and risk mitigation techniques for IT operations and evolve cyber security awareness and training programs. Work with internal, industry and third party IT security partners to stay current on industry trends, controls and security technologies and services. Collaborate with other organizations to maintain knowledge and leverage best practices. Provide routine reporting on goals and objectives to management.
• Establish strong relationships with staff, improve morale, conduct coaching, promote career growth, manage performance, and participate in recruiting and other line supervision activities as a member of the department 's extended management team.

Qualifications

You meet our minimum requirements if you...

• Hold a Bachelor 's degree in Information Systems, Computer Science, Cybersecurity or equivalent years of relevant professional IT work experience.
• Have 7+ years of hands-on operational IT cybersecurity experience.
• Have an understanding of attack methodologies used by Nation State actors and the ATT&CK matrix to effectively assess risk with applied knowledge of NIST 800-53, NIST 800-171, and HIPAA regulations.
• Have experience running vulnerability analysis tools, like Nessus, Qualys, or Rapid7.
• Have experience with data analysis using tools like, Splunk, ELK, or SQL.
• Have experience in assessing cloud technologies such as Amazon Web Services or Microsoft Azure.
• Have 5+ years in management/supervision in an operational cybersecurity role.
• Are able to self-direct and work independently as necessary.
• Possess exceptional analytical and problem-solving skills.
• Are an articulate and effective communicator with the ability to engage all levels of staff and management.
• Possess a proven track record of successfully leading, coaching, and motivating direct reports in solving complex problems.
• Are able to obtain a Secret level security clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

You go above and beyond our minimum requirements if you...

• Hold a Master's degree in Information Systems, Computer Science, or related field.
• Have experience with supporting cybersecurity operation center processes and tools.
• Have experience running IT projects involving at least 10 people.
• Possess certifications such as CISSP, CISSP-ISSEP, or SANS GIAC Security Essentials.
• Have extensive experience in cloud technologies such as Amazon Web Services or Microsoft Azure.

About Us

Why Work at APL?

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.

At APL, we celebrate our differences of perspectives and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at http://www.jhuapl.edu/careers.

All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law. APL is committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact Accommodations@jhuapl.edu.

The referenced pay range is based on JHU APL's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level with consideration for internal parity. For salaried employees scheduled to work less than 40 hours per week, annual salary will be prorated based on the number of hours worked. APL may offer bonuses or other forms of compensation per internal policy and/or contractual designation. Additional compensation may be provided in the form of a sign-on bonus, relocation benefits, locality allowance or discretionary payments for exceptional performance. APL provides eligible staff with a comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development. Applications are accepted on a rolling basis.

Minimum Rate

$105,000 Annually

Maximum Rate

$275,000 Annually