Cybersecurity Risk Assessment Team Leader

Company: Computer Merchant, Ltd., The
Location: Lexington
Posted on: August 3, 2020

Job Description:

Cybersecurity Risk Assessment Team Leader Direct Hire Perm Lexington, MA The Security Services Department's overall mission is to ensure a safe and secure environment and protect Client at all facilities in which staff members perform their mission of research and development. To accomplish this mission, this department formulates and implements policies, plans, and actions designed to protect facilities against threats of vandalism, accidental destruction, and sabotage and safeguards personnel, classified and unclassified information systems, personal identifiable information, property, and other assets from exploitation and recruitment by foreign intelligence agencies. The Information Security Group provides Cybersecurity and Risk Assessment services to the Laboratory. The functional areas include Special Programs and Collateral Information Assurance (IA), Forensic Analysis Center (FAC) and Cybersecurity Risk Assessment Services. The Cybersecurity Risk Assessment Team is primarily responsible for conducting security compliance audits, advanced network security engineering, information security risk assessments. The Cybersecurity Risk Assessment Team is also responsible for policy, process and procedure development in accordance with applicable DoD standards and industry best practices. The team performs audits of classified and unclassified Information Systems (IS) to ensure compliance with applicable laws and government regulations, to include the National Industrial Security Program Operation Manual (NISPOM) and DoD Risk Management Framework (RMF) guidelines regarding the protection of classified information systems, Joint Special Access Program (SAP) Implementation Guide (JSIG), Intelligence Community Directive 503 (ICD-503), Security Technical Implementation Guides (STIGs), National Institute of Standards and Technology (NIST) standards and Special Publications, DoD Cyber Maturity Model Certification (CMMC) and Laboratory Information System Security Procedures. The Cybersecurity Risk Assessment Team Leader provides daily technical and operational supervision to Cybersecurity Risk Assessment Analysts assigned to the Security Services Department. This position frequently works with Security Services Department and Information Security Group leadership to develop and oversee Cybersecurity Risk Assessment Team objectives, and to support the success of the Cybersecurity Risk Assessment Team. The Team Leader develops and oversees team goals and action plans, and ensures alignment with overall Information Security Group objectives and Security Service Department strategic initiatives. The Team Leader routinely collaborates with other members of the Information Security Group, Security Services Department (SSD), Information Services Department (ISD), and Technical Research Divisions. The position works with both research and operations staff to provide timely and comprehensive guidance in order to ensure regulatory and compliance risks are adequately identified, communicated, and remediated. The Team Leader must possess well-developed report writing and briefing skills. The Team Leader is called upon to present team capabilities to key stakeholders and visitors, provide briefings, assessment results, and updates to Group and Division Leadership, and requires a high level of communication skills, to include the ability to provide training and briefings to all levels of the organization. Primary Duties Include Oversee daily activities of the Cybersecurity Risk Assessment Team, developing and maintaining measurable Cybersecurity Risk Assessment Program initiatives and ensuring team members participate in an effective information security education, training and awareness Participate in personnel retention efforts for staff, schedules and conducts personnel interviews and identifies opportunities for professional staff development Assist in staff goal setting and performance appraisals Work closely with the IT department in collaboration of enterprise activities and security requirements Provide guidance to team members and participate in the Laboratory's Information Security inspection and review program. This includes unclassified and classified Information System (IS) inspections including Government Inspections, Self-Inspections, Information System Reviews, Staff Assistance Visits (SAVs), wireless scan audits, perimeter compliance inspections, network vulnerability testing and remediation, as well as security assessments for new devices and technologies Lead teams to validate the configuration, maintenance and accreditation activities of the Laboratory's SIPRNET environment and validate Command Cyber Readiness Inspection (CCRI) preparedness Evaluate and understand multiple networked computer environments and determine whether the appropriate level of security measures are in-effect based on applicable security best practices andor governing policies and regulations Assist in planning, organizing and leading IT security projects related to network, system and data security, enterprise information security reporting, auditing, as well as system risk management and mitigation Participate in ongoing meetings with Laboratory management and present briefings and reports regarding risk assessments, evaluations of emerging technology, and inspection readiness activities Participate in policy and procedure development and oversee Cybersecurity Risk Assessment team policy and procedure development assignments Position Requirements Bachelor's degree in Computer Science, Information Technology, Computer Information Systems, or related field is required Seven (7) or more years of management experience in a Department of Defense (DoD) Industrial Security setting is desired, with related work in the following areas Security Control Assessor, Information Assurance, Risk Assessment, IT Security Must have supervisory experience in a DoD or Industrial Security environment Must have demonstrated knowledge of the National Industrial Security Program Operations Manual (NISPOM), as well as the Department of Defense IT Security Assessment and Authorization Process, based on the Risk Management Framework (RMF), NIST 800-53 controls and other associated NIST publications. Must have demonstrated knowledge of the Defense Cybersecurity and Intelligence Services (DCSA) Assessment and Authorization Manual (DAAPM), DoD SAPSCI Community and Intelligence Community requirements and directives, to include JSIG, and ICD 503 Technical experience, skills and industry IT certifications may be considered substitutes for DoD security experience Demonstrated knowledge of technology testing and evaluation methods and procedures, including the development of techniques for system acceptability testing and evaluation by establishing test criteria and data to ensure program modules and outputs are validated appropriately validated Thorough understanding of National Institute of Standards and Technology (NIST) Special Publication 800-171, Federal Information System Modernization Act (FISMA) processes, and The Federal Risk and Authorization Management Program (FedRAMP) requirements for cloud security, Defense Federal Acquisition Regulation Supplement (DFARS) requirements for Safeguarding Covered Defense Information and Cyber Incident Reporting Must have excellent oral, written and presentation skills. Demonstrated ability to multi task projectsprograms and to redirect priorities as needed The position has a direct interface and coordination role with members of the IT Department and must have demonstrated ability to work across organizational units and with customers Selected candidate must be a reliable self-starter who makes sound, well-informed and objective decisions, works independently under minimal supervision, with a demonstrated ability to manage complex situations, follow-up and solve problems The ideal candidate will have obtained an IT auditor certification, such as the CISA or GNSA. Other relevant certifications, including DoD 8570 baseline certifications, are viewed favorably Must have excellent interpersonal communication, organizational, and customer service skills Excellent writing skills are required in order to complete extensive written reports, documenting inspection findings and observations Position may require local and some overnight travel The selected candidate will be subject to a pre-employment background investigation and must be able to obtain a Top Secret level security clearance with compartmented program eligibility. Equal Opportunity Employer VeteransDisabledSDL2017

Keywords: Computer Merchant, Ltd., The, Boston , Cybersecurity Risk Assessment Team Leader, Hospitality & Tourism , Lexington, Massachusetts