Cyber Security Manager

Job ID: 2210821

• Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
• Manges risk and vulnerability assessment at the network, system, and application level. Conducts threat modeling exercises.
• Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs.
• Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
• Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy.
• Prepares security reports to regulatory agencies. Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
• This includes process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
• Ensure agency is in compliance with required government policies and processes (i.e. NIST, FISMA, CISA, DHS), and makes recommendations on process tailoring.
• Manage the audit finding using the National Institute of Standards and Technology (NIST) security controls developed under the Federal Information Security Management Act (FISMA).
• Review and validate the evidence in support of responses to security-related audits. Provide support for third-party audits performed by the OIG (annual financial statement and FISMA audits, penetration tests, other external regulatory agencies, and internal oversight elements).
• Performs analyses to validate established security requirements and to recommends additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
• Periodically conducts of a review of each system's audits and monitors corrective actions until all actions are closed.
• Manages subordinate management and/or experienced specialist employees who exercise significant latitude and independence.