Digital Charter is seeking a highly skilled and motivated individual to take on the role of Information System Security Manager (ISSM). This role will be full-time and hybrid in Washington D.C. We are searching for a dedicated professional who can leverage their expertise to strategize information security, ensure compliance with regulations, and collaborate cross-functionally to enhance our organization's security posture.
This position will require 10-25% of work time on-site in Washington D.C.
**All candidates must be U.S. Citizens**
All Digital Charter candidates should possess the following soft skills:
- Able to communicate effectively
- Be a self-starter
- Attentive to detail
- Plays well with others
- Takes great pride in service delivery
Responsibilities:
- Strategize Information Security: Lead the conceptualization and execution of a robust Information Security Program, meticulously aligning it with NIST standards. Develop innovative approaches to safeguard systems and data against evolving threats.
- Risk Management and Compliance: Spearhead the establishment of a holistic risk management framework, conducting in-depth assessments of vulnerabilities and potential impacts. Ensure the organization's compliance with government regulations and directives, guaranteeing the confidentiality, integrity, and availability of sensitive information.
- Collaborative Leadership: Forge strong partnerships with Government entities to formulate and maintain the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Actions and Milestones (POA&M). Drive collaborative efforts to create a unified approach to cybersecurity that supports the organization's strategic goals.
- Strategic Security Assessment: Lead the comprehensive security assessment process, analyzing intricate security controls and vulnerabilities to provide insights that inform strategic decisions. Champion proactive strategies to minimize risks and fortify our security posture.
- Thought Leadership: Elevate the organization's cybersecurity posture through thought leadership and developing advanced security policies, procedures, and training materials. Deliver engaging security briefings and training sessions that empower personnel with classified access to champion security best practices.
- Incident Response and Resolution: Develop a well-defined incident response framework to swiftly address and mitigate security incidents. Lead investigations and orchestrate cross-functional teams to implement remediation strategies and ensure minimal disruption.
- Security Scan Analysis: Analyze and prepare mitigations for issues identified in weekly security scans.
- Stakeholder Engagement: Cultivate strong relationships with key stakeholders, including the Authorizing Official (AO) and CIO, to furnish essential information that informs risk-based decisions on system Authority to Operate (ATO). Effectively communicate security strategies, progress, and potential risks to non-technical audiences.
- Emerging Threat Awareness: Stay at the forefront of emerging cybersecurity threats, technologies, and industry best practices. Translate this knowledge into actionable strategies that keep our organization resilient against evolving security challenges.
- Cross-Functional Collaboration: Collaborate closely with cross-functional teams to seamlessly integrate security measures into various aspects of system development and operations. Infuse security considerations into strategic decision-making processes.
Qualifications:
- Active CISSP certification is required.
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree preferred.
- Minimum of 10 years of cybersecurity experience, focusing on managing information system security and compliance.
- Expert knowledge of NIST cybersecurity standards, frameworks, and regulations.
- Working knowledge of Physical Access Control Systems (PACS).
- Strong leadership and communication skills, with the ability to convey complex technical concepts clearly to non-technical stakeholders.
- Detail-oriented mindset with exceptional analytical and problem-solving abilities.
- Experience in conducting security briefings and training sessions.
- Familiarity with security audit and assessment procedures.
- Strong organizational skills and the ability to manage multiple tasks in a dynamic environment.
- Prior experience with government agencies and familiarity with intelligence community security protocols is a plus.
- Ability to work collaboratively in cross-functional teams and independently as needed.