Client Services Security Manager - Hybrid Work Arrangement

Employer: Westat
Location: Rockville, MD
Posted: Aug 30, 2022
Closes: Oct 03, 2022
Industry: Research, Security
Hours: Full Time

Westat is an employee-owned corporation providing research services to agencies of the U.S. Government, as well as businesses, foundations, and state and local governments. Westat's research, technical, and administrative staff of more than 2,000 is located at our headquarters in Rockville, Maryland, near Washington, DC.

Westat is committed to building a diverse workforce and a culture of inclusivity, belonging and equity for all. We believe that our greatest strength draws on the different backgrounds, cultures, perspectives and experiences of our employees.

Westat is seeking a senior information security manager to lead our Client Security Services (CSS) team. This leadership role is a critical member of the chief information security officer's (CISO's) team and acts as an interface between the CISO's strategic and process-based activities and the CSS team they will lead. The CSS Manager must be able to provide direction and mentoring for staff, interact directly with internal and external clients, manage resources, meet deadlines, and provide regular status and service-level reports to management.

The candidate should have experience managing direct reports and working with Federal Government clients, securing information systems in accordance with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF, i.e. NIST 800-37 and 800-53). Expertise in leading project teams and developing and managing projects is essential for success in this role. In addition to supporting the CISO's policies and strategies, the ISM must be able to prioritize work efforts — balancing operational tasks with longer-term strategic security efforts.

Job Responsibilities:
  • Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.
  • Work with the CISO to develop budget projections based on short- and long-term goals and objectives.
  • Monitor and report on client-facing security activities that include security authorization documentation creation, security control evidence gathering, risk remediation, and security assessment coordination.
  • Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
  • Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
  • Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff.
  • Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
  • Manage production issues and incidents, and participate in problem and change management forums.
  • Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
  • Serve as an active and consistent participant in the information security governance process.
  • Work with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
  • Provide support and guidance for legal and regulatory compliance efforts, including audit support.
  • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
  • Formulate recommendations to resolve problems impacting the quality and effectiveness of security controls in software development projects.
  • Participate in information security working groups.


Basic Qualifications:
  • Bachelor's degree and a minimum of 7 years of IT experience, or a high school degree or GED and a minimum of 12 years of IT experience.
  • Experience with FISMA and the entire NIST Risk Management Framework lifecycle is essential.
  • Demonstrated leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
  • Proven project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
  • At least one IT security certification is required (Security+, Certified Information Systems Security Professional (CISSP), GIAC Security Essentials (GSEC), Systems Security Certified Practitioner (SSCP), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA)).


Preferred Qualifications:
  • Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.


Minimum Qualifications:
  • Excellent communication skills.
  • Ability to work well under minimal supervision and work in a team-oriented environment.

Westat offers a well-rounded and comprehensive benefits program focused on wellness and work/life balance. Eligible employees may participate in:
  • Employee Stock Ownership Plan
  • 401(k) Retirement Plan
  • Paid Parental Leave
  • Vacation Leave
  • Sick Leave
  • Holiday Leave
  • Professional Development
  • Health Advocate
  • Employee Assistance Program
  • Travel Accident Insurance
  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Short Term Disability Insurance
  • Long Term Disability Insurance
  • Life and AD&D Insurance
  • Critical Illness Insurance
  • Supplemental Life Insurance
  • Flexible Spending Account
  • Health Savings Account

 

Protecting the health and safety of our employees and survey participants is a top priority for Westat. As a federal government contractor, Westat will require Westat staff, regardless of work location, to provide proof that they are fully vaccinated against COVID-19 upon hire and to follow all safety protocols, subject to approved accommodations under applicable law.

Westat is an Equal Opportunity Employer and does not discriminate on the basis of race, creed, color, religion, sex, national origin, age, veteran status, disability, marital status, sexual orientation, citizenship status, genetic information, gender identity or expression, or any other protected status under applicable law.
