Information Systems Security Manager - Washington, United States - MBL Technologies

    MBL Technologies
    MBL Technologies Washington, United States

    2 weeks ago

    Default job background
    Description

    Job Type

    Full-time

    Description

    MBL Technologies, Inc. offers a diverse set of management and technology consulting services to Federal government and commercial markets. Our solutions are tailored to support each client's mission, accounting for their unique needs and operating environments to ensure success. We bring the right people, capabilities, and expertise together to assist our clients with enabling their mission. Together our individual differences drive successful business results.

    If you are transitioning from military to civilian life, have prior service, are a retired veteran, or a member of the National Guard or Reserves, or spouse of an active military service member, we encourage you to apply. Please visit our webpage for information on our policies and benefits for the military and veteran community.

    Why Work With Us?

    • We trust, empower, and believe in our employees to soar to their fullest potential
    • We offer a robust benefits package (medical, dental, vision, STD, Accident, Life, Hospital Insurance, FSA, HSA, 401K match, professional development stipend, etc.).
    • We love to have fun and give back to the community. Community Service and Employee Engagement events are atop our calendar events
    • We genuinely like each other and champion everyone to achieve their own greatness
    MBL Technologies is currently hiring for an Information Systems Security Mananger (ISSM) to support our client in the Washington, DC metro area.
    • Manage Information System Security Officers (ISSO) to support information technology (IT) security goals and objectives and reduce overall organizational risk.
    • Assist in the execution and management of the CLIENT'S Risk Management Framework (RMF) and advises ISSOs on proper application of CLIENT'S cybersecurity policies and requirements.
    • Assist senior management in the development and interpretation of information assurance guidelines, policies, regulations etc.
    • Advise senior management (e.g., Chief Information Security Officer [CISO]) on risk levels and security posture.
    • Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture.
    • Conduct independent or coordinated studies to identify, evaluate or recommend solutions to significant systems management problems that are likely to be complex and sensitive in nature.
    • Ensure that security improvement actions are evaluated, validated, and implemented as required.
    • Identify alternative information security strategies to address organizational security objectives.
    • Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
    • Participate in information security risk assessments during the Security Assessment and Authorization process.
    • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
    • Provide quality assurance reviews of cybersecurity deliverables to ensure consistency, accuracy, and relevancy.
    • Provide technical and procedural information system advice to risk management team.
    • Perform quality reviews of security artifacts collected by ISSOs under their purview to ensure quality assessment and authorization (A&A) deliverables are provided.
    • Assume ISSO responsibilities in the absence of ISSO.
    • Ensure approved CLIENT procedures are followed in the implementation of security controls.
    • Ensure a record is maintained of all vulnerabilities for existing authorization boundaries.
      •Advise ISSOs on all matters, technical and otherwise, involving the security of assigned IT systems.
    • Maintain a working knowledge of system technology, security policies, and security safeguards.
    • Ensure continuous monitoring of authorization boundaries and implemented security controls is followed.
    • Provide guidance to ISSOs on mitigation actions for security control deficiencies and scan vulnerabilities for assigned IT systems.
    • Provide role-based training for assigned ISSOs specific to their roles and responsibilities.
    • Brief senior management on the status of ISSOs and their assigned projects.
    • Work with senior leadership to mature risk management processes within the CLIENT environment.
    • Develop and formalize risk management training, specific to the CLIENT environment, for varied stakeholder groups.
    • Conduct assigned technical reviews and risk analyses and develop cybersecurity risk mitigation recommendations and strategies based on threats.
    • Research and recommend innovative, secure, and (where possible) automated solutions to improve risk management processes and activities.
    • Participate in the technical security evaluation and assessment of new technologies in support of the CLIENT's operations and provide supporting reviews.
    • Provide audit support to cybersecurity for audit activities and recommendations.
    • Perform other duties as assigned.
    Required Experience & Skills:
    • Minimum of eight (8) years of demonstrated work experience in cybersecurity risk management.
    • Demonstrated experience managing systems security assessments, reviewing system security documentation for successful security authorization of such systems.
    • Strong knowledge and expertise with NIST publications.
    • Demonstrated experience providing quality A&A deliverables.
    • Proven technical acumen and understanding of common operating systems and network technologies, risk management frameworks, and common security tools and scanners.
    • Demonstrated understanding of cloud service models, hybrid applications, and mobile security technologies and tools.
    • Understanding of management, operational and technical cybersecurity principles.
    • Experience with privacy principles and frameworks is preferred.
    • Excellent written and oral communication skills.
    • Bachelor's degree in computer science, information technology, cybersecurity, or a related technical discipline required.
    • Current and maintained certification in one or more of the following IT Security disciplines: Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) or equivalent certification required.
    • US Citizenship Required with the ability to pass a background check.
    • Federal experience is required; Legislative Branch experience is preferred.
    • Must be clearable; Preference given to cleared applicants.
    MILITARY OCCUPATIONAL SPECIALTY CODES (MOS codes):

    170A, 170D, 17A, 17B, 17C, 17D, 17S, 24B, 25B, 47D, 94F, IT, , 6203, 9735, 9740, 9890, 989, 1D731B, 1D731E, 1D751B, 1D751E

    CORPORATE CITIZEN:

    MBL Technologies' vision is to make a positive difference - for our people, our customers, and our communities. As such, a commitment to service and excellence has been woven into the very fabric of our culture. MBL employees demonstrate a willingness to consistently go above and beyond and strive for excellence in all we do - championing, protecting, and celebrating the core business through the mission, vision, and values. All are expected to be good corporate citizens, supporting one another and internal corporate initiatives to build a stable business platform and ensure lasting company success.

    Benefits:

    MBL Technologies offers a competitive salary adjusted for candidate qualifications partnered with an industry-leading benefits package. This package includes incentive plans with corporate and individual-based performance bonuses, 401K, PTO, remote work, health and wellness programs, employee discounts, and learning and development reimbursement.

    EEO STATEMENT:

    MBL Technologies is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.