Summary:

The Information System Security Manager serves as the IT Cybersecurity leader for the company.  The primary responsibilities of the ISSM are to:

• Serve as the leader of the security risk management framework (RMF) function for CRI.
• Manage the internal and external security profile of the company’s infrastructure and systems and provide security assurance leadership.
• Serve as the security administrator for CRI; review and assess risks and vulnerabilities, recommend criticalities and remediations as the security subject matter expert.
• Serve as Program Manager to coordinate, facilitate, and organize all aspects of our compliance and audit program which includes SOX, PCI, FISMA and ISO, as well as our ATO.
• Responsible for both the internal and external security of the company’s information systems and physical security.
• Must be able to identify, initiate, and influence changes to the company’s security profile, structure, performance and protection as needed to ensure safety of the company’s assets and resources.
• Understand and demonstrate the principals of the Company’s Mission, Vision and Values.
• Conduct annual PCI, FISMA compliance program reviews for certification and accreditation.
• Responsible for the day-to-day review and assessment of risks and vulnerabilities being reported by third parties and determining criticality and timing for corrective action.
• Develop and implement a Risk Assessment Methodology for a decentralized application environment.
• Develop security controls metrics, in addition to producing any other necessary Information Security reports (e.g., firewalls, intrusion detection and prevention systems, security information and event management systems).
• Draft and maintain documentation as it relates to network and security processes or assigns and proactively tract the development, maintenance, and changes to security policies, procedures, processes, and work instructions.
• Advise of potential, possible or probable security breaches to the company.
• Keep abreast of new technological challenges, as well as new developments in system protection and recognized IT security-related standards.
• Ability to communicate security concepts to a technical and non-technical audience.
• Conduct periodic audits and due diligence checks of system to evaluate new vulnerabilities and define solutions.
• Provide information and training, including company-wide communications to staff, in areas of security breaches and other threats.
• Advise senior management about status of security system.
• Coordinate with infrastructure admins with maintenance of firewalls, security devices, and other infrastructure.
• Responsible for development, modification, and operation of the IDS and IPS.
• Provide security training to all new hires.
• Provide technical security support to Business Areas and IT staff on products, projects, applications, and services as required.
• Participate in monthly patching and security updates as required to keep environment secure.   
• Create and maintain accurate technical documentation and checklists relating to procedures and controls.
• Ability to work with extremely sensitive information and assist HR or executive management with investigations as required.
• Sense of ownership and urgency with a strong passion to protect the company from cyber threats, risks and exposures.  An equal passion to maintain the audit and compliance programs with top level quality and current certifications.
• Provide security experience and knowledge that includes but may not be limited to the following: Active Directory, Exchange, Hyper-V, File and Print sharing, VOIP, Application server support, Client-side OS support, Email services, Security and Spyware protection services, Virus protection, Firewall configuration, Backup and Recovery service, URL and Content Filtering.
• Develop disaster recovery plans and serve as the disaster recovery crisis incident leader for tests and in the event of an actual event.
• Monitor the company’s intrusion detection and prevention system in response to technological advances.
• Monitor operations to ensure compliance with all government regulations.
• Supervise the Security Incident Response Team (SIRT) and review reports of any incidents, evaluates response, and recommend modifications to protocols as required.
• Recommends physical security and IT assurance best practices.
• Track and report the status of all audit, compliance, and vulnerability items.
• Communicate the risks of exposures to the VP of IT and Executive team as needed.
• Ability to work independently.
• Provide project leadership and management for assigned IT projects and tasks.
• Other duties as assigned.  

Education, Experience, and Qualifications:

• Bachelor’s degree in Computer Science or related field is required.
• 4 or more years’ experience in Network and System Administration with working knowledge of key security standards, plus 5 or more years as an IT assurance or security professional.
• General knowledge of infrastructure and application security standards and best practices.
• Experience with regulations (ISO, FFIEC, Cyber framework, SAN’s 20 critical controls, GLBA, SEC, SOX, etc.) highly desired.
• Security +, PCI ISA, CCNA, Network +, Server+, Microsoft Certifications, CISA, CISM, CISSP certifications highly desired.
• Deep understanding of FISMA and PCI with ability to be conduct conversational discussions at detailed levels of knowledge as a SME.
• Understanding of NIST publications with expertise in NIST 800 53.
• Must Understand Gramm-Leach Billy ACT (GLBA) Sarbanes-Oxley ACT (SOX) SSAE-16, ISO 27001 Standards, Payment Card Industry Data Security Standard (PCI DSS).
• US Citizenship is required per the contract.
• Must be able to obtain and maintain a 6C Suitability clearance.
• Strong people and communication skills.

Other Information:

•  Must be willing and able to work outside of core business hours, as needed
• Travel within the United States may be required
• Master’s degree preferred
• 3 years of security supervisory experience is strongly preferred

____________________________________________________________________________________________________

Equal Opportunity Employer:

Central Research is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Click here to view the Equal Employment Opportunity Posters.

If you’d like to view a copy of the company’s affirmative action plan, please call 703-382-1970. 

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact our recruiting office at (703) 382-1363. This telephone line is reserved solely for job seekers with disabilities requesting accessibility assistance or an accommodation in the job application process. Please do not call about the status of your job application if you do not require accessibility assistance or an accommodation. Messages left for other purposes, such as following up on an application or non-disability related technical issues, will not receive a response.

NOTE:  This job description is not intended to be an exhaustive list of all duties, responsibilities or qualifications associated with the job.  It is intended to describe the general nature and work responsibilities of the position.  This job description and the duties of this position are subject to change, modification and addition as deemed necessary by the Company.

*CRI*