Deputy IT Security Manager

The Deputy Information Security Manager proposes, coordinates, implements and enforces information systems security policies, standards, and methodologies. Manages large, geographically dispersed, multifaceted team comprised of various cyber-security engineers. Team roles include information assurance, security infrastructure engineers, and SOC analysts. Direct and coordinate actions for incident response, data collection, forensics, cleanup and reporting. Assess threat reports and threat intelligence to inform operational and policy decisions. Prioritize and manage projects in a fast-paced environment. Ensure timely completion of projects, on time and on schedule. Read and interpret STIGs, SRGs, SCAP and ACAS scan results and provide direction as necessary for audit, accreditation, project and consulting activities. Review vulnerability scans and approve associated mitigation strategies. Document strategies in Plans of Action and Milestones artifacts. Perform all required duties as ISSO for joint-force DoD agency network. Conduct and manage accreditation activities under Risk Management Framework (RMF) for multiple accreditation boundaries. Provide guidance and leadership to other team ISSOs. Lead accreditation efforts and CCRIs. Complete, test and review of RMF security controls (CCIs) as part of multiple eMASS accreditation packages. Develop artifacts to provide evidence, support, or policy guidance for compliance with each control as necessary. Conduct management and oversight of enterprise SOC team and Incident Responders. Coordinate response efforts, incident management and triage. Provide oversight of SOC activities, technologies, and strategic direction. Coordinate with division leads and directors for investigations, insider threat, and research. Conduct analysis and provide recommendations on policy, design, and solutions for increasing the security of the enterprise. Basic Qualifications & Education:

• 3+ years of IT experience in systems, networking, or application development.
• 3+ years of information technology experience in security engineering, operations management, and IT management.
• 3+ years of experience managing a team of 5 or more direct reports in an enterprise IT environment.
• 3+ years as an operations or security manager on an enterprise level network
• Bachelor's degree in related field or 4 years of full-time information technology experience in lieu of a degree. Minimum of 8 year of experience in Information Technology positions.
• Excellent interpersonal, interviewing, analytical and problem solving skills to address variable situations.
• General knowledge of DOD industry security requirements, standards, and best practices.
• Strong written and verbal communication skills; ability to document processes and write comprehensive security recommendations.
• Professional attitude, able to communicate and interact with individuals at all levels across various information technology and business sectors.
• Strong organizational, project management, and customer service skills. Ability to act in the best interest of the client both within a team and self-directed.

• 3+ years of experience in DOD/military IT environment; experience reading and interpreting TASKORDs and OPORDs.
• 3+ years of experience in an ISSO position working with Assured Compliance Assessment Solution (ACAS) or similar vulnerability scanning tools; Patch management and compliance; eMASS or similar tool; performing C&A, A&A, Validator or SCA responsibilities; developing POA&Ms and documentation; vulnerability mitigation.
• 3+ years of experience working in a SOC environment; conduct in-depth continuous monitoring; tuning of security devices and management of alerts; administration of HBSS tools; network defense and security event triage.
• ISSO/ISSM experience on a network enclave

• CompTIA Security+CE

• GIAC GSEC, GCIA, GISF, GCED, GCWN, GPPA, GMON, GCUX, GCCC
• ISC2 CISSP, CCFP, CCSP, SSCP, CSSLP, HCISPP, PMP, ITIL

• Secret