IT Security Manager

Location: Lanham-Seabrook, Maryland
Posted: May 03, 2021
Closes: Jun 07, 2021
Ref: 15225
Function: Management
Hours: Full Time

Summary

The Security Manager is responsible for planning and implementing risk management strategies, processes and programs. As the Security Manager, you will manage the resolution of incidents/problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.

Responsibilities
  • Development and execution of information risk controls and management strategies
  • Carry out risk assessment within a defined functional or technical area of business.
  • Use consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business.
  • Refer to domain experts for guidance on specialized areas of risk, such as architecture and environment.
  • Govern information risk management services for customer operations
  • Specialize on a specific technology and/or risk management discipline
  • Coordinate the development of countermeasures and contingency plans.
  • Apply standard procedures to enhance security or resilience to system interruptions.
  • Can take immediate action in an incident to limit business impact and escalate the event to a higher authority.
  • Apply and maintain specific risk management controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.
  • Determine when issues should be escalated to a higher level.
  • Demonstrate effective communication of risk management issues to business managers and others.
  • Maintain knowledge of specific technical specialisms, provide detailed advice regarding their application, and execute specialized tasks.
  • Implement and administer risk management technologies and process controls in a given specialism and conduct compliance tracking.
  • The specialism can be any area of information or communication technology, technique, method, product or application area.
  • Use consistent processes for identifying potential risk events, quantifying and documenting probability of occurrence and impact on the business.
  • Refer to domain experts for guidance on specialized areas of risk, such as compliance, architecture, finance and environment.
  • Co-ordinate response to quantified risks, which may involve acceptance, transfer, reduction or elimination.
  • Assist with development of agreed countermeasures and contingency plans.
  • Monitor status of risks, and report status and need for action to senior management.

Information Assurance
  • Apply procedures to assess security of information and infrastructure components.
  • Identify risks of unauthorized access, data loss, compromise of data integrity, or risk of business interruption
  • Review compliance to information security policies and standards.
  • Apply procedures to assess compliance of hardware and software configurations to policies, standards, legal and regulatory requirements.
  • Communicate information assurance issues effectively to users and operators of systems and networks.
  • Demonstrate effective communication of security issues to business managers and others.
  • Develop and maintain knowledge of the technical specialism by, for example, reading relevant literature, meeting and maintaining contact with others involved in the technical specialism and through taking an active part in appropriate learned, professional and trade bodies.
  • Maintain an awareness of current developments in the technical specialism.
  • Apply and maintain specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.
  • Determine when security issues should be escalated to a higher level.
  • Analyze incidents and problems to show trends and potential problem areas, so that actions can be taken to minimize the occurrence of incidents and to improve the process of problem reporting, analysis and clearance.
  • Assess and report the probable causes of incidents and consequences of existing problems and known defects.
  • Conduct security control reviews in well-defined areas.
  • Provide advice, both reactively and pro-actively, to those engaged in activities where the technical specialism is applicable, including those in areas such as budgetary and financial planning, litigation, legislation, and health and safety.
  • Identify opportunities to apply the technical specialism within the employing organization and closely associated organizations, such as customers, suppliers and partners, and advise those responsible.
  • Carry out specific assignments related to the technical specialism, either alone or as part of a team.
  • Maintain knowledge of the technical specialism at a detailed level, and be responsible for own personal growth and technical proficiency.
  • Other duties as assigned

Qualifications
  • Bachelor's Degree in Computer Science, Information Systems, or related field
  • Experience in moderate to large technology implementations and background as an administrator of IT systems, databases, or processes
  • Experience in Information Technology, which includes substantial experience in a risk management specialism
  • Certifications in at least one of the following: CISSP, SANS GSEC
  • CompTIA Security+ within 90 days of hire
  • ITIL V3 Foundation Certification required
  • Minimum Background Investigation (MBI)

Knowledge, Skills and Abilities:
  • Understands and uses appropriate methods, tools and applications
  • Demonstrates analytical and systematic approach to problem solving
  • Takes initiative in identifying and negotiating appropriate development opportunities
  • Able to absorb and apply new technical information.
  • Able to work to required standards and to understand and use the appropriate methods, tools and applications.
  • Appreciates the wider field of information systems, how own role relates to other roles and to the business.
  • Basic business knowledge and an understanding of current and emerging information and communications technologies and their level of maturity.
  • Able to obtain information from business people in face-to-face situations, and to analyze information on users' occupational tasks obtained by a variety of formal and informal means.
  • Analytical and creative approach to problem solving.
  • Familiar with the principles and practices involved in development, maintenance and in-service delivery.
  • Good technical understanding and the aptitude to remain up to date with IS security and developments.
  • Possesses a general understanding of the business applications of IT.
  • Effective and persuasive in both written and oral communication.
  • Demonstrates basic knowledge of information security principles.
  • Basic understanding of the following 10 security domains with technical expertise in at least one of the domain areas:
      • Access Control Systems and Methodology
      • Network Security
      • Business Continuity Planning and Disaster Recovery Planning
      • Security Management Practices
      • Security Architecture and Models
      • Law, Investigation, and Ethics
      • Application and Systems Development Security
      • Cryptography
      • Computer Operations Security
      • Physical Security
  • Relevant industry standards awareness / governmental regulations awareness
  • Disaster Recovery Domain
  • Basic understanding of the following 10 Business Continuity domain areas with technical expertise in at least two of the domain areas:
      • Project Initiation and Management
      • Risk Evaluation and Control
      • Business Impact Analysis

Chenega Worldwide Support, LLC
