Branch Head, Chief Information Security Officer NF5

US Department of Defense
Quantico, VA
May 21, 2019
May 24, 2019
Full Time
Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.
Serves as the Branch Head of the Enterprise Information Technology (IT) Security Office, Chief Information Security Officer (CISO), and Manager of Cybersecurity & Compliance. The position manages the implementation of the DISA Risk Management Framework (RMF), PCI Data Security Standard (PCI DSS) and FISMA compliance using National Institute of Standards and Technology (NIST) Standards through Assessment and Authorization (A&A) of all IT solutions, current, and future, within the MCCS worldwide environment. Ensures that reporting Marine Corps Command Control Computers & Communications (C4), PCI Security Standards Council (SSC) approved security companies including PCI DSS Reports on Compliance (ROC), Approved Scanning Vendor (ASV) Scan Reports, and PCI PA-DSS Reports of Validation (ROV) are accurate and timely. Manages staff to conduct cybersecurity (CY) audits to validate security risks mitigation and C4 and FISMA compliance. Ensures compliance with FISMA and Marine Corps compliance standards with Retail Business, Commercial Fitness, Food, Lodging, Business Support, Field Command, and IT Infrastructure systems.
Ensures the development of validation protocols for all aspects of IT compliance acting as the internal auditing function for PCI, C4, and FISMA compliance. Conducts high-level presentations and briefings as required. Ensures that key artifacts for security compliance management are produced in a quality way and that they are available for audit and submission according to required timelines. Ensures that project teams engaged in maintenance and enhancement of production systems and new application development are educated in compliance policies and procedures and that the approach for systems development encompasses Security and Compliance standards throughout the organization. Performs the role of Information Systems Security Manager (ISSM) IAW HQMC C4 policy and procedures. Develops and maintains the security program that identifies architecture, requirements, objectives and policies, personnel, processes, and procedures as they relate to NIST and Marine Corps standards. Provides security oversight for MR and subordinate commands to include coordinating MR security measures, ensuring that section staff conduct analysis, periodic testing, evaluation, verification, accreditation, and review of information system installations at appropriate classification levels. As an ISSM, ensures that information ownership responsibilities are established for each information system to include accountability, access approvals, and special handling requirements. Ensures that development, review, endorsement, and maintenance of security compliance documentation is accomplished. Maintains the appropriate level of personal training and certification required in accordance with DoD 8570. Creates, maintains and delivers cybersecurity training for MR and MF organizations. Ensures security governance across the MCCS enterprise. Brings security to the forefront in MCCS business and family services environment. 
Conforms to governance program including Configuration Management, Change Management, Incident Management, Event Management, Product Management and Built-In Security. Performs security compliance efforts IAW the PCI, FISMA, NIST SP 800 series, FIPS series, DOD 8570 series and USMC related policies and procedures. Liaises with designated HQMC C4 office staffs responsible for system CY and IT Portfolio management to ensure currency with compliance matters. Manages full time and contractor security personnel. Sets a high standard for collaboration within the team and across teams. Uses interpersonal skills to communicate clearly so that non-security experts can understand the importance of security and their roles in achieving and maintaining a secure enterprise. Motivates others through positive feedback and reinforcement. Ensures that team members all feel that they actively contribute to the success of the entire group. Promotes and demonstrates a flexible, "whatever it takes" attitude that allows the business to achieve its security goals. Provides overall direction to all members of the Security & Compliance team regarding goals and objectives as well as specific associate performance. Maximizes the contribution of associates by appropriate task assignments and works to enhance the individual's potential through training, performance monitoring, mentoring and feedback. Plans, develops, manages Cybersecurity budget. Monitors expenses and project work on cybersecurity projects. Leads by example with an emphasis on courtesy. Takes action to solve problems quickly. Alerts the higher level supervisor, or proper point of contact for help when problems arise. Ensures minimal loss of duty by complying with "Return to Work" program initiatives, and following up on employee well-being. Occasional travel to complete work assignments, conduct training or attend conferences and meetings. Performs other related duties as assigned. 
Bachelor's Degree in Information Technology or Business related field appropriate to the work of position AND five years of experience managing hands-on security assessment, quality assurance, PCI DSS or cybersecurity (CY); OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates that the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above. At least 5 years of progressive experience managing technical and/or compliance teams with proven results achieving project and compliance goals in a timely fashion. Certification as an Information Systems Security Professional (CISSP) is required or equivalent level education and appropriate experience with DoD system security and information assurance (IA) policy and procedures. Greater than five years' experience managing all aspects of Information Assurance / Cyber Security, Information Security, and Network Security Programs for the USN and USMC; DIACAP, network defense, risk and compliance assessment, remediation, and mitigation; system and network engineering, administration, and security; physical security; forensic investigations; vulnerability scanning, analysis, remediation, and reporting; incident handling and response.
Experience with:
Vulnerability Assessments, Analysis, and Reporting
Security assessment tools
Microsoft Excel, Microsoft Project, Microsoft Visio
Written and verbal communication to all levels of the organization
Mastery of the principles, methods, or tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring and inspecting costs, work, and contractor performance
Extensive experience in developing plans and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting accomplishments and deficiencies
Comprehensive technical and management reports on trends, issues, and potential problem areas in configuration management, architecture, and network security standards on existing or proposed interfaces with other computerized systems
Evaluating the security infrastructure for enterprise merchants or service providers
Managing IT projects for system assessment and authorization
Documenting security compliance related correspondence required by governing authorities and documenting instructions, guidance, and procedures to specified audiences
Managing projects to deliver infrastructure security solutions for a business enterprise
Measuring and reporting project performance and supporting project administration, logistics and operations to include analysis of project indicators and performance reporting
Familiarity with the DoD Risk Management Framework (RMF) Process, Marine Corps Assessment and Authorization Process (MCAAP) ECSM-018 preferred.
Broad Knowledge of:
Networking
System Administration - Windows and Unix/Linux platforms
Database Administration
Application Development
PCI Requirements and the financial industry and the lifecycle of payment card transactions
System Administration Tools - Active Directory, Microsoft System Center Configuration Manager (SCCM)
Project Management
Vulnerability and Patch Management
USN or USMC Certification and Accreditation tools - eMASS and MCCAST
Asset/Inventory Management
Incident Response
DoD 8500.01 and DoD 8510.01
National Institute of Standards and Technology (NIST) publications, specifically, the NIST 800 Series of Special Publications, Federal Information Processing Standards (FIPS), FedRAMP, NIST 800-171, and the NIST Cybersecurity Framework.
As an authorized and privileged user of Department of Defense Information Systems must possess or receive Information Assurance awareness by completing the Security+ Certification as a condition of access within six months of employment, and thereafter must complete annual Information Assurance awareness training. Must be able to obtain a Secret (Tier 3) security clearance and must be able to maintain the required level of clearance while employed in the subject position.
Additional information
GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race, age, color, religion, national origin, gender, GINA, political affiliation, membership or non-membership in an employee organization, marital status, physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. The decision on granting reasonable accommodation will be on a case-by-case basis. It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review: As part of the employment process, Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report. Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition, the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence, or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760, Qualification to Possess Firearms or Ammunition, before a final job offer can be made.
Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS. Required Documents: *Education/certification certificate(s), if applicable. *If prior military, DD214 Member Copy This activity is a Drug-free workplace. The use of illegal drugs by NAF employees, whether on or off duty, cannot and will not be tolerated. Federal employees have a right to a safe and secure workplace, and Marines, sailors, and their family members have a right to a reliable and productive Federal workforce. Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (may be obtained from the MCCS Human Resources Office) and present ID card with "TA" stamped in red on front of card. INDIVIDUALS SELECTED FROM THIS ANNOUNCEMENT MAY BE CHANGED TO PART-TIME OR FULL-TIME AT MANAGEMENT'S DISCRETION WITHOUT FURTHER COMPETITION. ALL ONLINE APPLICATIONS MUST BE RECEIVED BY 1159PM EASTERN STANDARD TIME (EST) ON THE CLOSING DATE LISTED IN THE JOB POSTING. Your application/resume and supporting documentation will be used to determine whether you meet the job qualifications listed on this announcement. This vacancy will be filled by the best qualified applicant as determined by the selecting official. Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating. A career with the US Government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Learn more about federal benefits. The Federal government offers a number of exceptional benefits to its employees. 
Benefits you get to enjoy while working at MCCS include but are not limited to: Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time, or intermittent. Contact the hiring agency for more information on the specific benefits offered.
Resumes/applications emailed or mailed will not be considered for this vacancy announcement. To be considered for employment, the application or resume must be submitted online by 11:59 PM (EST) on the closing date of the announcement. Note: To check the status of your application or return to a previous or incomplete application, log into your MCCS user account and review your application status. All applicants who submit an application via our Careers page at will be able to view their application status online.
The Federal hiring process is set up to be fair and transparent. Please read the following guidance.
Equal Employment Opportunity Policy
The United States Government does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor. Federal agencies must provide reasonable accommodation to applicants with disabilities where appropriate. Applicants requiring reasonable accommodation for any part of the application process should follow the instructions in the job opportunity announcement. For any part of the remaining hiring process, applicants should contact the hiring agency directly. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.
A reasonable accommodation is any change to a job, the work environment, or the way things are usually done that enables an individual with a disability to apply for a job, perform job duties or receive equal access to job benefits. Under the Rehabilitation Act of 1973, federal agencies must provide reasonable accommodations when: An applicant with a disability needs an accommodation to have an equal opportunity to apply for a job. An employee with a disability needs an accommodation to perform the essential job duties or to gain access to the workplace. An employee with a disability needs an accommodation to receive equal access to benefits, such as details, training, and office-sponsored events. You can request a reasonable accommodation at any time during the application or hiring process or while on the job. Requests are considered on a case-by-case basis.