Alpha Omega Integration LLC is an award-winning Federal IT Solutions provider. Since its inception in September 2016, we have grown from a start-up to a $100m/year business. Alpha Omega's growth stems from our mission focus: to make the US Government the best in the world. We achieve that via advanced capabilities in the areas of Design & Product Management, DevSecOps & Cloud Engineering, Intelligent Automation, and Cybersecurity. Our consistent growth has fostered a series of accolades including Inc. 5000 and Washington Technology's Fast 50 awards for five consecutive years, Virginia Business Best Places to Work ten years in a row, and Maryland Technology Council's 2022 Government Contract of the Year over $50 Million Dollars award, to name a few. We are seeking passionate federal IT professionals to join our team. Come support our nation's government agencies and make a difference! Why Us? We have H.E.A.R.T.! Alpha Omega's Core Values - (H) harmony, (E) engagement, (A) accountability, (R) resourcefulness, and (T) tenacity- collectively are an acrostic reminder of the values that guide the work we do. We foster a culture that recognizes and rewards hard work. Our H.E.A.R.T. program invites colleagues and managers from across the organization to recognize each other for living out our core values. Spotlighted employees enjoy a detailed nomination about their core-values-aligned actions which are then shared with their manager. Ready to embark on a rewarding, challenging, and fulfilling career in the Federal IT Solutions space? Come grow with us! Job Title: Project Manager Work Location: Remote Clearance Required: Public Trust Responsibilities: Manages, plans, coordinates, and directs administrative activities, program control, and technical personnel involved in providing services in fulfillment of various IT projects on time and within budget. Key to success of the USDA ISCM CDM Program is an educated and trained workforce. 
The contractor shall support, coordinate and manage USDA Information Security Continuous Monitoring CDM Education and Training across the USDA enterprise. Provide centralized project management support and oversight for OCIO, ISC and enterprise-wide cybersecurity initiatives. Support data calls including OMB, Executive Order, and USDA data calls across the Agencies. Manage the overall direction, control and reporting of projects. Provide guidance to all project team members to ensure all technical, schedule and cost objectives are achieved successfully. Develop project documentation including budgets, project schedules and various planning and implementation documents. Collaborate with contract and government personnel to perform process improvement events to streamline processes. Work closely with and provide guidance to senior leadership. Prepare program and/or project level content for executive level briefings. Content may include prioritizing resources across projects within a program, managing dependencies between the projects and the overall costs and risks of the program. Direct support of the USDA ISCM CDM Program Manager. Perform planning, coordinating and scheduling of ISCM CDM education and training for OCIO and USDA agencies' security and IT staff. The contractor shall design and deliver ad hoc refresher, ISCM and CDM 101 and/or major upgrade training (brown bag and/or webinars) for USDA agencies' security and IT staff. Coordinate all ISCM CDM training, as applicable, with CDM solution vendors and the OCIO Office of the Director. Coordinate logistics for ISCM CDM education and training, e.g. if on-site - facilities. Publish USDA ISCM CDM PMO Training Advisories - both for external DHS provided CDM training and internal unique to USDA ISCM CDM training. Coordinate with ISC AgLearn lead to register USDA personnel taking on site ISCM CDM courses. 
Update continually the ISCM CDM and Cybersecurity Workforce Education and Training activities and status on SharePoint. Post all relevant documentation in the ISCM CDM SharePoint data repository. Alpha Omega Integration, LLC (Alpha Omega) is committed to the development of a creative, diverse, and inclusive work environment. In accordance with the law and our organizational values, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, Veteran Status, or any other characteristic protected by law (referred to as "protected status"). Final hiring decisions at Alpha Omega will be based on merit, qualifications, and abilities. Black, Indigenous, and People of Color (BIPOC), LGBTQIA, women, people over 40, and differently-abled folks are strongly encouraged to apply.
03/28/2024
Full time
IT/ESS TECHNICAL PROGRAM MANAGER to Serve a Design-Build & Systems Integration Corporation for Mission-Critical Organizations Active Top Secret Clearance Required Job Innova Solutions is currently seeking an IT/ESS Technical Program Manager with an Active Top-Secret Clearance to serve a Design-Build & Systems Integration Corporation for Mission-Critical Organizations. Position type: Full-time Permanent (No C2C - No VISA sponsorship candidates) Location: 5 days a week onsite in Tysons Corner, VA (Possibly hybrid after 6 months) Pay Range: 190k-200k/year KEY RESPONSIBILITIES: • Manage a team of systems engineers, systems administrators, and technical specialists - general staff supervision and evaluation, task coordination, manpower planning, risk mitigation, communications, and status tracking. • Lead the daily ops tempo to ensure production schedules are met (e.g., deployments, imaging, vulnerability management). • Lead the analysis, enumeration, solution development, testing, and remediation of cyber security directives to enable timely remediation of cyber security threats while ensuring high availability of mission critical systems. • Oversee incident and event management to ensure resolution times for fault conditions meet SLA requirements. • Ensure system resources are used effectively by overseeing performance and health monitoring, capacity planning, and system optimization activities. • Ensure proper relationships are established between customers, teaming partners and vendors to facilitate the delivery of information technology services. • Drive the analysis, evaluation, engineering, and implementation of system improvements, automation, optimization, and deployments. • Drive establishment of operational, functional, and technical requirements for the development of enterprise-wide or large-scale information system solutions.
• Drive the design of architectures to include the software, hardware and communications to support the total requirements as well as provide for present and future cross-functional requirements and interfaces. • Coordinate and lead team in activities related to items such as the following: • Diagnosis and resolution of availability, performance, and information assurance issues in a dynamic, always-on, mission critical environment. • Documentation of designs and changes to infrastructure environments including physical/logical drawings, engineering design plans, implementation plans, transition plans, test plans, and failover plans. • Execution of security updates to hardware and software to ensure the security posture across all systems implemented and managed. THE IDEAL CANDIDATE WILL HAVE: • Adjudicated U.S. Top Secret Clearance. • Bachelor's Degree in Computer Science, Systems Engineering, Electrical Engineering, Mechanical, or a Related Engineering Discipline or Information Technology degree. • 10+ Years of progressive experience. • Experience eliciting requirements, conducting research, designing, testing, and implementing hardware and software solutions for data center and virtual infrastructure technologies. • Familiarity with open systems architectures, the Open Systems Interconnection (OSI) and International Standards Organization (ISO) reference models, and profiles of standards. 
• Strong familiarity/experience with the following core platforms and services: • VMware ESXi and vSphere • Microsoft Windows Server 2016 and 2019 Deployment and Administration • Microsoft Windows 10 Deployment and Administration • DNS, DFS, and DHCP • Windows Server Update Services (WSUS), Key Management Service (KMS) • Active Directory and defining, implementing, and maintaining Group Policy • Data center networking fundamentals (experience with software defined data center networks a plus) • Data center storage fundamentals (experience with SAN protocols and NAS protocols) • Demonstrated ability to work effectively with technical peers/leads. • Experience leading teams in virtualizing enterprise applications (Active Directory, MS SQL, RHEL, MS SharePoint, etc.). • Experience leading teams in developing, implementing, and maintaining highly secure and reliable solutions that meet all organizational Cybersecurity and Information Assurance requirements. • Experience leading teams performing security scans, performing system updates, and applying security configurations, e.g., DISA STIG/SRGs to system hardware and software. • Experience with Data Center Automation and Infrastructure as a Service (IaaS), API management, scripting languages including PowerShell, Python, JSON, Bash, etc. • DoD 8570 IAM Level-II certification. • Strong oral, written and presentation skills with the ability and experience communicating with customers at various levels. • Demonstrated background working with multidisciplinary teams. • Demonstrated time management and organization skills to meet deadlines and quality objectives. • Strong MS Excel, Word, PowerPoint, and Visio skills are a plus. Qualified candidates should APPLY NOW for immediate consideration! Please send your resume to and then text/call David at . Thank you for considering/sharing!
Blessings, David Slaymaker Senior Recruiting Team PAY RANGE AND BENEFITS: Pay Range : $190k - $200K per year Pay range offered to a successful candidate will be based on several factors, including the candidate's education, work experience, work location, specific job duties, certifications, etc. Benefits: • Leader in environmentally friendly mobility solutions including battery electric, hybrid electric, near-zero CNG and clean diesel transit buses • Renowned for its inclusive team/family-oriented culture • Stable, successful, and growing organization - a Bay Area business for over 132 years! • Flexible schedules ( depending on project needs) • Excellent compensation including company paid medical premiums, generous retirement plan and other comprehensive benefits ABOUT INNOVA SOLUTIONS: Founded in 1998 and headquartered in Atlanta, Georgia, Innova Solutions employs approximately 50,000 professionals worldwide and reports an annual revenue approaching $3 Billion. Through our global delivery centers across North America, Asia, and Europe, we deliver strategic technology and business transformation solutions to our clients, enabling them to operate as leaders within their fields. Website: Innova Solutions is an Equal Opportunity Employer and prohibits any kind of unlawful discrimination and harassment. Innova Solutions is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment on the basis of race, color, religion or belief, national origin, citizenship, social or ethnic origin, sex, age, physical or mental disability, veteran status, marital status, domestic partner status, sexual orientation, or any other status protected by the statutes, rules, and regulations in the locations where it operates. 
If you are an individual with a disability and need a reasonable accommodation to assist with your job search or application for employment, please contact us at or . Please indicate the specifics of the assistance needed. Innova Solutions encourages all interested and qualified candidates to apply for employment opportunities. Innova Solutions (HireGenics/Volt) does not discriminate against applicants based on citizenship status, immigration status, or national origin, in accordance with 8 U.S.C. 1324b. The company will consider for employment qualified applicants with arrest and conviction records in a manner that complies with the San Francisco Fair Chance Ordinance, the Los Angeles Fair Chance Initiative for Hiring Ordinance, and other applicable laws.
03/28/2024
Full time
POSITION SUMMARY
The OT Cyber Security Engineer will be responsible for ensuring the security and reliability of the organization's Operational Technology (OT) environment. This will involve identifying and mitigating cyber threats, monitoring systems for vulnerability, and developing and implementing cyber defense

ESSENTIAL JOB FUNCTIONS
Conduct risk assessments of OT systems and identify potential vulnerabilities
Develop and implement security measures to protect OT systems against cyber threats
Monitor and analyze network traffic to identify potentially malicious activity
Define security policies and procedures for OT systems
Work with both IT and OT teams to ensure holistic security across the organization
Test and evaluate security measures to improve effectiveness
Stay up-to-date on the latest cyber threats and security technologies
Participate in incident response activities to contain and remediate security incidents
Update PLCs, HMIs and other OT related firmware
Ability to present information to board of directors to help make informed decisions

JOB QUALIFICATION REQUIREMENTS
Electrical Controls background preferred.
Bachelor's degree in Cybersecurity, Information Assurance, Computer Science or a related field
3+ years of experience in OT security
Certification(s) in one or more of the following: CISSP, CISM, CISA, GIAC, CompTIA Security+
Understanding of risk management principles
Knowledge of common security frameworks, such as NIST, and ISA/IEC 62443
Experience with firewalls, intrusion detection/prevention systems, and other security technologies
Familiarity with IT/OT convergence and associated security risks

SPECIAL SKILLS
Allen Bradley, Siemens programming.
Good written & verbal communication skills
Team Player, including cross functional/departmental

WORKING CONDITIONS
Manufacturing Plant Environment
Office Environment
Travel
03/28/2024
Full time
Job Description: Fidelity Investments is looking for an experienced application architect to join the Enterprise Cybersecurity organization (ECS), focusing on delivering innovative solutions in application security for cloud and hybrid deployment, and support static and dynamic application security, and red team assessment! The Team & Role The ECS organization is responsible for delivering effective security solutions to ensure customer and enterprise data and assets are protected in a constantly evolving cyber-threat landscape. As part of that mission, ECS is seeking a highly skilled Security Architect to assume main responsibility for the development and implementation of security architecture for complex infrastructure and applications in a challenging and exciting business environment. You will work directly with the product management and engineering teams to develop solutions to critical projects and provide strategic roadmaps mentorship to both partner teams within ECS as well as for our business units and Enterprise Infrastructure. The Expertise You Have Education: BS or Master's in Computer Science, Computer Information Systems Engineering or Management Information Systems or equivalent work experience Work Experience: minimum 7 years of proven technical lead / architectural skills and responsibilities in building enterprise Web applications. Hands-on software architecture and engineering experience. Application threat modeling and risk assessment experience. 
Proven leadership skills, demonstrated ability to mentor, influence and partner with application architects, engineering, and product teams to deliver robust application solutions In-depth understanding of threats and vulnerabilities in web, API, and enterprise applications Deep technical understanding of and experience with security technologies in areas related to Application Security Working knowledge and experience with "Cloud Architectures" (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing (e.g., integrating cloud with on-premise services, Secure SDLC (SSDLC), Data Protection, OWASP top-10) Deep expertise in CI/CD practices, Pipelines (Jenkins preferred), and build tools (Maven, Gradle, etc.) Deep architectural understanding of the following: Mitigation strategies to protect customer data and applications from threats and vulnerabilities, Secure code review and software composition analysis, Dynamic application security testing including penetration testing, Red Team assessment Qualities: Skilled at taking complex topics and making them simple, Clear judgment and stands behind their decisions, Flexible and collaborative with peers Experience with application security products and solutions for secure code review, penetration testing and Red Team assessment The Skills You Bring Significant experience in secure SDLC, application threat modeling and risk assessment Significant hands-on experience in application security solution architecture, technical design and programming. Familiar with common software design patterns, methodologies and processes (UML, OOD, data modeling, middle-tier, AWS & Azure) Experience in AppSec Testing (SAST, DAST, SCA, IAST). 
Experience in DevSecOPS (CI/CD, Automation) and common code vulnerabilities (XSS, SQLI etc) in popular programming languages and open-source packages (Java, NodeJS, Spring, etc) Significant background in solving complex technology challenges to move initiatives forward Agile development approach to continuously deliver value while balancing product strategy Strong inter-personal and communication skills including written, verbal, and technology illustrations Ability to communicate business value and influence other leaders in adopting emerging technology and innovation Capacity to quickly understand and incorporate new technologies Participate in the development of Application Security capabilities roadmap based on forward looking business & security strategies to drive program and investment decisions The Value You Deliver Influence application security architecture vision, strategy, principles, and blueprint to enable Fidelity focus on strengthening and securing our clients' financial well-being Evangelize and drive adoption of enterprise practices (reference architectures) and standard methodology and promote changes in process, standards, or technologies when necessary. 
Develop and produce high quality documentation for strategic security architecture vision, including blueprints, standards and frameworks that are aligned with overall business strategy Participate in solution architecture design, lead security efforts assisting with the integration and initial implementation of solutions (Proof of Concepts) Serve as information security domain specialist, provide advisory and consulting services as required Stay on top of application security trends and the emerging threat landscape and actively engage with vendors, understanding architecture roadmaps, technology direction, and investment to improve security capabilities and deliver efficient solutions Certifications: Company Overview Fidelity Investments is a privately held company with a mission to strengthen the financial well-being of our clients. We help people invest and plan for their future. We assist companies and non-profit organizations in delivering benefits to their employees. And we provide institutions and independent advisors with investment and technology solutions to help invest their own clients' money. Join Us At Fidelity, you'll find endless opportunities to build a meaningful career that positively impacts peoples' lives, including yours. You can take advantage of flexible benefits that support you through every stage of your career, empowering you to thrive at work and at home. Honored with a Glassdoor Employees' Choice Award , we have been recognized by our employees as a top 10 Best Place to Work in 2024. And you don't need a finance background to succeed at Fidelity-we offer a range of opportunities for learning so you can build the career you've always imagined. Fidelity's working model blends the best of working offsite with maximizing time together in person to meet associate and business needs. 
Currently, most hybrid roles require associates to work onsite all business days of one assigned week per four-week period (beginning in September 2024, the requirement will be two full assigned weeks). At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry . Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation, detailed in this document , and may be asked to provide additional documentation as requested. This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent). These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances: Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine. We invite you to Find Your Fidelity at . Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop and retain a diverse workforce is to build an enduring culture of inclusion and belonging. Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation, contact the HR Accommodation Team by sending an email to , or by calling , prompt 2, option 3. We welcome those with experience in jobs such as Software Developer, Computer Technician, and Computer User Support Specialist and others in the Computers and Technology to apply.
03/27/2024
Full time
Who we are looking for We are looking for a highly skilled and experienced Cybersecurity Risk Manager to perform Second line Risk Oversight over State Street's Offensive Security Program. You will be collaborating with peers in Global Cyber Security to ensure risks are being reduced through Red Team and Purple Team exercises, Threat Hunting and Application Penetration testing. The Offensive Security Risk Manager will be part of a high performing Second Line of Defense team focused on reducing cyber security risk and maturing State Street's offensive security capabilities and reporting. This position will report directly to the Cyber Technology Risk Managing Director under the Chief Technology Risk Officer (CTRO). What you will be responsible for Perform cyber security risk management for State Street's offensive security capabilities. Collaborate with GCS and Business units on the mission objectives, attack plans, and execution of the enterprise level penetration tests. Review and analyze reports provided by penetration testers to identify potential remediation activities to be performed. Coordinate with the Business on the results of the penetration test and provide oversight on issues/remediation identified as part of the Archer Finding Governance process. Produce reports, dashboards and metrics to measure the effectiveness of State Street's offensive security capabilities. Build and nurture positive working relationships with the intention to exceed stakeholder expectations. Basic Qualifications: 5+ years of security testing experience (red teaming, cloud security, application security, or network security) Foundational understanding of risk management tools (Material Risk Identification, Risk and Control Self Assessments, and Key Risk Indicator Methodology) Bachelor's Degree in computer science, information technology, information systems, or equivalent Relevant certifications, such as CISSP, CRISC, GPEN, or OSCP highly preferred. 
Preferred Qualifications: 8+ years of security testing experience (red teaming, cloud security, application security, or network security) 5+ years of experience with threat modeling concepts and Cyber Security frameworks (CVSS, MITRE ATT&CK, DREAD, or STRIDE) Knowledge and working experience of NIST Cybersecurity Framework (CSF) and NIST 800-53 Good understanding of state-of-the-art IT & Cyber Security products, services and technologies, as well as their respective impact on the organization's risk profile at scale. Ability to translate technical issues into risk terms that business can understand is absolutely necessary. Experience managing a global team of risk professionals. Good understanding and knowledge of IT infrastructure, systems, processes and emerging technologies such as cloud, converged infrastructure etc. At least two of the following relevant certifications, such as CISSP, CRISC, GPEN, or OSCP highly preferred. Salary Range: $140.000 - $222.500 Annual The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
03/27/2024
Full time
Job Description: The Raytheon Intelligence & Space (RI&S) business is seeking an experienced federal compliance leader to lead a team in all aspects of federal cybersecurity risk, audit and compliance processes. The Director - Federal Risk & Compliance will be responsible for ensuring the RI&S network, programs, global sites and subsidiary security controls and processes are architected and designed in a manner to ensure continuous compliance with all federal policies, standards, regulations, procedures and applicable laws. The Director will be responsible for engaging with Enterprise Services, RI&S business product line leaders, program leaders, subsidiaries, global sites and process owners on the documentation, evaluation, and monitoring of the appropriate federal cybersecurity controls across the RI&S computing environment. The ideal candidate will also have experience in both compliance and operational audits, as well as prior hands-on cybersecurity experiences in the defense industry and/or federal agencies. Key Responsibilities: * Manage and lead a team of IT security and compliance experts responsible for identifying and driving the RI&S business cybersecurity standards and processes needed to continuously comply with federal regulatory and legal standards along with their associated reporting requirements. * Establish and maintain a program to track and monitor ATO and POAM completion to ensure timely execution of processes and plans to maintain compliance standards. * Develop strategic roadmaps for capabilities and services to achieve RI&S federal compliance standards and authorizations (ATOs) at the speed of the business. 
* Coordinate and support audit activities of the RI&S computing environment, focused on DoD and federal security controls, with process and control owners and internal/external auditors * Assist process and control owners to understand cybersecurity related assessments and audit results, identify remediation options, prioritize and see them through to completion * Assist in the development of appropriate security documentation, including system security plans, information security policies and procedures to ensure compliance with government, legal, and regulatory standard requirements * Assist product line and program leaders in assessing compliance impacts to systems and applications * Stay abreast with current & emerging industry related IT security federal regulations, and compliance standards. * Support RI&S and RTX participation in security forums and standards working groups. Qualifications: * 14+ years of progressive cybersecurity or compliance experience with a B.S. degree in Science, Technology, Engineering or Mathematics (STEM) or ten years of progressive cybersecurity or compliance experience, and an M.S./M.A. degree. * Network architecture experience with advanced knowledge of network technologies/protocols and computer security concepts in a large scale networking environment. * Experience with operational, compliance, and IT security audit functions including NIST 800-53, NIST 800-37, NIST 800-171, and ISO 27001, or COBIT. * Strong comprehension of Information Security concepts and practices including vulnerability and compliance tools and processes, awareness of vulnerabilities, emerging threats, and the ability to map adversarial tactics to effective controls. * Demonstrated ability to lead, manage and be fully accountable for a geographically dispersed virtual team supporting a fast-paced work environment. 
* Good social, verbal, and written communication skills, with demonstrated ability to develop and effectively communicate cybersecurity matters and processes to senior management and executive audiences. * Strategic planning experience including documenting workflows, developing service roadmaps and future state plans. * Strong deductive reasoning, critical thinking, problem solving, and prioritization skills. * Certified security expert - CISSP or CISM and CISA. * Existing Secret clearance required Desired Qualifications: * Understanding of cloud-based IT systems or hybrid cloud delivery models designing, developing in, or transitioning systems and processes to the cloud * Understanding of developing, testing, implementing, and maintaining complex applications and/or databases including web applications and interfaces * Six Sigma and / or Lean certification This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization. 185277 Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender orientation, gender identity, national origin, disability, or protected Veteran status.
09/25/2021
Full time
We are currently seeking an Associate Director to build and lead the OneMain Cybersecurity Exercise Program as part of our Cybersecurity Resilience team. It is a fast-growing team focused on providing expert insight into risk, developing team members, and effective oversight of cybersecurity and technology risk. This is a team where you can work with great team members across the Cyber Risk, Cyber Tech, Risk Management, and Technology organizations. You will be challenged to excel with exciting and challenging opportunities daily. There is transparency and great support from management teams to allow team members to be effective, grow their careers and meet company goals. Hard work and initiative are rewarded and recognized by management and colleagues alike, which promotes a culture of respect and value across the organization. This lead will report to the Director of Cybersecurity Resilience within the function of the Cyber Risk team. The Exercise Manager is responsible for the full life-cycle of exercise activities (plan, design, execution and evaluation) from cybersecurity workforce drills, enterprise and business level tabletop exercises and multi-day simulation events with both cybersecurity and business impacts being tested across all stakeholders in the incident response plan. The result of these activities supports the overall team strategy and capability uplift and will focus on strengthening our incident response and coordination processes within OneMain Financial. The position will own all post-exercise after action analysis, reporting, assessment and documenting and driving resolution on gaps identified to improve our operational resilience. The successful candidate will need to have a passion for delivering exceptional cyber exercises, excellent communications skills, and a commitment to innovation in the exercise design arena. 
Responsibilities:
Build the program to support all enterprise cyber exercise types to include seminars, workshops, tabletops, drills, functional business focused exercises, and full scale enterprise simulations. Plan, design and develop, facilitate, evalua Perform planning, facilitation, documentation development, and coordinate follow-up activities for the Cyber exercise program. Coordinate exercise planning teams comprised of OneMain employees with varied technical and non-technical backgrounds to plan and execute cybersecurity exercises, including tabletop discussions. Work with internal teams to identify cyber risks, design threat scenarios, identify key stakeholders and participants, and execute the exercise against the planned scenarios and objectives. Assess observations and findings during exercises, communicate findings to stakeholders and escalate high risk findings to appropriate risk remediation efforts. Develop senior executive and Board level presentations and exercise materials. Comprehensive knowledge of resilience and recovery strategies in complex organizations to include solid understanding of disaster recovery methodologies and business continuity principles.
Required Qualifications
5+ years of experience designing and executing cybersecurity or resilience exercises (plan, design, execution, and evaluation). Demonstrated leadership across cybersecurity, business continuity, disaster recovery, or information technology teams. Candidate requires a working knowledge of security operations, incident response, threat & vulnerability management, and threat intelligence. Knowledge of enterprise systems and infrastructure. Comprehensive knowledge of resilience and recovery strategies in complex organizations. Strong verbal, written communications skills and presentation skills. Expert knowledge of cybersecurity and exercise best practices, including NIST Cybersecurity Framework, National Cyber Exercise and Planning Program doctrine. Outstanding interpersonal skills to effectively build relations and interact with stakeholders at all levels within the organization with proven success in building and developing strong relationships with business stakeholders. Proven experience in leading diverse teams made up of direct reports, indirect reports, consultants, and managed service providers is required. Experience leading geographically diverse teams is a plus. Experience communicating with senior executives as well as technical and financial business colleagues. Master communicator and active listener who understands how to navigate an audience. Proven success delivering solutions to minimize our cyber risk for an enterprise. Prior experience working in a fast paced and flexible environment with many conflicting priorities. Experience prioritizing projects and staff time based on other commitments and risk is required. Prior experience working in high visibility positions is required. Ability to attract and retain high performing talent.
Desired Qualifications
3+ years of experience in incident response operations or supporting training for incident response. 3+ years of Cyber Resilience experience. Adaptable and comfortable with ambiguity, yet eager to understand the root cause of a challenge and drive a solution. The ability to understand the financial, brand and eruptional effect of incidents, as well as an ability to communicate this to all levels of personnel. Strong IT security or disaster recovery support background.
Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.
Benefits:
Because we want our team members to bring us their very best every day, we believe they deserve the right opportunities and benefits. That's why we packed our comprehensive benefits package for full- and some part-timers with:
Health and wellbeing options for team members and their dependents
Up to 4% matching 401(k)
Tuition reimbursement
Continuing education
Bonus eligible
Paid time off
Paid volunteer time
And more
Our Company:
OneMain Financial is the country's largest lending-exclusive financial company, proudly serving millions of customers with safe, affordable and transparent installment loans. Our customers turn to us every day, online and at 1,500 branches in 44 states, to help them take control and improve their financial lives with solutions for debt consolidation, medical expenses, household bills, home improvements and auto purchases. Our talented and dedicated team members constantly look for responsible ways to serve our customers when, where and how they want. It's all about doing the right thing, a mission that hasn't changed for more than 100 years.
09/25/2021
Full time
We are currently seeking an Associate Director to build and lead the OneMain Cybersecurity Exercise Program as part of our Cybersecurity Resilience team. It is a fast-growing team focused on providing expert insight into risk, developing team members, and effective oversight of cybersecurity and technology risk. This is a team where you can work with great team members across the Cyber Risk, Cyber Tech, Risk Management, and Technology organizations. You will be challenged to excel with exciting and challenging opportunities daily. There is transparency and great support from management teams to allow team members to be effective, grow their careers and meet company goals. Hard work and initiative are rewarded and recognized by management and colleagues alike, which promotes a culture of respect and value across the organization. This lead will report to the Director of Cybersecurity Resilience within the function of the Cyber Risk team. The Exercise Manager is responsible for the full life-cycle of exercise activities (plan, design, execution and evaluation) from cybersecurity workforce drills, enterprise and business level tabletop exercises and multi-day simulation events with both cybersecurity and business impacts being tested across all stakeholders in the incident response plan. The result of these activities supports the overall team strategy and capability uplift and will focus on strengthening our incident response and coordination processes within OneMain Financial. The position will own all post-exercise after action analysis, reporting, assessment and documenting and driving resolution on gaps identified to improve our operational resilience. The successful candidate will need to have a passion for delivering exceptional cyber exercises, excellent communications skills, and a commitment to innovation in the exercise design arena. 
Responsibilities:
Build the program to support all enterprise cyber exercise types to include seminars, workshops, tabletops, drills, functional business focused exercises, and full scale enterprise simulations. Plan, design and develop, facilitate, evalua Perform planning, facilitation, documentation development, and coordinate follow-up activities for the Cyber exercise program. Coordinate exercise planning teams comprised of OneMain employees with varied technical and non-technical backgrounds to plan and execute cybersecurity exercises, including tabletop discussions. Work with internal teams to identify cyber risks, design threat scenarios, identify key stakeholders and participants, and execute the exercise against the planned scenarios and objectives. Assess observations and findings during exercises, communicate findings to stakeholders and escalate high risk findings to appropriate risk remediation efforts. Develop senior executive and Board level presentations and exercise materials. Comprehensive knowledge of resilience and recovery strategies in complex organizations to include solid understanding of disaster recovery methodologies and business continuity principles.
Required Qualifications
5+ years of experience designing and executing cybersecurity or resilience exercises (plan, design, execution, and evaluation). Demonstrated leadership across cybersecurity, business continuity, disaster recovery, or information technology teams. Candidate requires a working knowledge of security operations, incident response, threat & vulnerability management, and threat intelligence. Knowledge of enterprise systems and infrastructure. Comprehensive knowledge of resilience and recovery strategies in complex organizations. Strong verbal, written communications skills and presentation skills. Expert knowledge of cybersecurity and exercise best practices, including NIST Cybersecurity Framework, National Cyber Exercise and Planning Program doctrine. Outstanding interpersonal skills to effectively build relations and interact with stakeholders at all levels within the organization with proven success in building and developing strong relationships with business stakeholders. Proven experience in leading diverse teams made up of direct reports, indirect reports, consultants, and managed service providers is required. Experience leading geographically diverse teams is a plus. Experience communicating with senior executives as well as technical and financial business colleagues. Master communicator and active listener who understands how to navigate an audience. Proven success delivering solutions to minimize our cyber risk for an enterprise. Prior experience working in a fast paced and flexible environment with many conflicting priorities. Experience prioritizing projects and staff time based on other commitments and risk is required. Prior experience working in high visibility positions is required. Ability to attract and retain high performing talent.
Desired Qualifications
3+ years of experience in incident response operations or supporting training for incident response. 3+ years of Cyber Resilience experience. Adaptable and comfortable with ambiguity, yet eager to understand the root cause of a challenge and drive a solution. The ability to understand the financial, brand and eruptional effect of incidents, as well as an ability to communicate this to all levels of personnel. Strong IT security or disaster recovery support background.
Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.
Benefits:
Because we want our team members to bring us their very best every day, we believe they deserve the right opportunities and benefits. That's why we packed our comprehensive benefits package for full- and some part-timers with:
Health and wellbeing options for team members and their dependents
Up to 4% matching 401(k)
Tuition reimbursement
Continuing education
Bonus eligible
Paid time off
Paid volunteer time
And more
Our Company:
OneMain Financial is the country's largest lending-exclusive financial company, proudly serving millions of customers with safe, affordable and transparent installment loans. Our customers turn to us every day, online and at 1,500 branches in 44 states, to help them take control and improve their financial lives with solutions for debt consolidation, medical expenses, household bills, home improvements and auto purchases. Our talented and dedicated team members constantly look for responsible ways to serve our customers when, where and how they want. It's all about doing the right thing, a mission that hasn't changed for more than 100 years.
09/24/2021
Full time
OnemainFinancial
New York City (Manhattan), New York
We are currently seeking an Associate Director to build and lead the OneMain Cybersecurity Exercise Program as part of our Cybersecurity Resilience team. It is a fast-growing team focused on providing expert insight into risk, developing team members, and effective oversight of cybersecurity and technology risk. This is a team where you can work with great team members across the Cyber Risk, Cyber Tech, Risk Management, and Technology organizations. You will be challenged to excel with exciting and challenging opportunities daily. There is transparency and great support from management teams to allow team members to be effective, grow their careers and meet company goals. Hard work and initiative are rewarded and recognized by management and colleagues alike, which promotes a culture of respect and value across the organization. This lead will report to the Director of Cybersecurity Resilience within the function of the Cyber Risk team. The Exercise Manager is responsible for the full life-cycle of exercise activities (plan, design, execution and evaluation) from cybersecurity workforce drills, enterprise and business level tabletop exercises and multi-day simulation events with both cybersecurity and business impacts being tested across all stakeholders in the incident response plan. The result of these activities supports the overall team strategy and capability uplift and will focus on strengthening our incident response and coordination processes within OneMain Financial. The position will own all post-exercise after action analysis, reporting, assessment and documenting and driving resolution on gaps identified to improve our operational resilience. The successful candidate will need to have a passion for delivering exceptional cyber exercises, excellent communications skills, and a commitment to innovation in the exercise design arena. 
Responsibilities:
Build the program to support all enterprise cyber exercise types to include seminars, workshops, tabletops, drills, functional business focused exercises, and full scale enterprise simulations. Plan, design and develop, facilitate, evalua Perform planning, facilitation, documentation development, and coordinate follow-up activities for the Cyber exercise program. Coordinate exercise planning teams comprised of OneMain employees with varied technical and non-technical backgrounds to plan and execute cybersecurity exercises, including tabletop discussions. Work with internal teams to identify cyber risks, design threat scenarios, identify key stakeholders and participants, and execute the exercise against the planned scenarios and objectives. Assess observations and findings during exercises, communicate findings to stakeholders and escalate high risk findings to appropriate risk remediation efforts. Develop senior executive and Board level presentations and exercise materials. Comprehensive knowledge of resilience and recovery strategies in complex organizations to include solid understanding of disaster recovery methodologies and business continuity principles.
Required Qualifications
5+ years of experience designing and executing cybersecurity or resilience exercises (plan, design, execution, and evaluation). Demonstrated leadership across cybersecurity, business continuity, disaster recovery, or information technology teams. Candidate requires a working knowledge of security operations, incident response, threat & vulnerability management, and threat intelligence. Knowledge of enterprise systems and infrastructure. Comprehensive knowledge of resilience and recovery strategies in complex organizations. Strong verbal, written communications skills and presentation skills. Expert knowledge of cybersecurity and exercise best practices, including NIST Cybersecurity Framework, National Cyber Exercise and Planning Program doctrine. Outstanding interpersonal skills to effectively build relations and interact with stakeholders at all levels within the organization with proven success in building and developing strong relationships with business stakeholders. Proven experience in leading diverse teams made up of direct reports, indirect reports, consultants, and managed service providers is required. Experience leading geographically diverse teams is a plus. Experience communicating with senior executives as well as technical and financial business colleagues. Master communicator and active listener who understands how to navigate an audience. Proven success delivering solutions to minimize our cyber risk for an enterprise. Prior experience working in a fast paced and flexible environment with many conflicting priorities. Experience prioritizing projects and staff time based on other commitments and risk is required. Prior experience working in high visibility positions is required. Ability to attract and retain high performing talent.
Desired Qualifications
3+ years of experience in incident response operations or supporting training for incident response. 3+ years of Cyber Resilience experience. Adaptable and comfortable with ambiguity, yet eager to understand the root cause of a challenge and drive a solution. The ability to understand the financial, brand and eruptional effect of incidents, as well as an ability to communicate this to all levels of personnel. Strong IT security or disaster recovery support background.
Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.
Benefits:
Because we want our team members to bring us their very best every day, we believe they deserve the right opportunities and benefits. That's why we packed our comprehensive benefits package for full- and some part-timers with:
Health and wellbeing options for team members and their dependents
Up to 4% matching 401(k)
Tuition reimbursement
Continuing education
Bonus eligible
Paid time off
Paid volunteer time
And more
Our Company:
OneMain Financial is the country's largest lending-exclusive financial company, proudly serving millions of customers with safe, affordable and transparent installment loans. Our customers turn to us every day, online and at 1,500 branches in 44 states, to help them take control and improve their financial lives with solutions for debt consolidation, medical expenses, household bills, home improvements and auto purchases. Our talented and dedicated team members constantly look for responsible ways to serve our customers when, where and how they want. It's all about doing the right thing, a mission that hasn't changed for more than 100 years.
09/24/2021
Full time
We are currently seeking an Associate Director to build and lead the OneMain Cybersecurity Exercise Program as part of our Cybersecurity Resilience team. It is a fast-growing team focused on providing expert insight into risk, developing team members, and effective oversight of cybersecurity and technology risk. This is a team where you can work with great team members across the Cyber Risk, Cyber Tech, Risk Management, and Technology organizations. You will be challenged to excel with exciting and challenging opportunities daily. There is transparency and great support from management teams to allow team members to be effective, grow their careers and meet company goals. Hard work and initiative are rewarded and recognized by management and colleagues alike, which promotes a culture of respect and value across the organization. This lead will report to the Director of Cybersecurity Resilience within the function of the Cyber Risk team. The Exercise Manager is responsible for the full life-cycle of exercise activities (plan, design, execution and evaluation) from cybersecurity workforce drills, enterprise and business level tabletop exercises and multi-day simulation events with both cybersecurity and business impacts being tested across all stakeholders in the incident response plan. The result of these activities supports the overall team strategy and capability uplift and will focus on strengthening our incident response and coordination processes within OneMain Financial. The position will own all post-exercise after action analysis, reporting, assessment and documenting and driving resolution on gaps identified to improve our operational resilience. The successful candidate will need to have a passion for delivering exceptional cyber exercises, excellent communications skills, and a commitment to innovation in the exercise design arena. 
Responsibilities: Build the program to support all enterprise cyber exercise types to include seminars, workshops, tabletops, drills, functional business focused exercises, and full scale enterprise simulations. Plan, design and develop, facilitate, evalua Perform planning, facilitation, documentation development, and coordinate follow-up activities for the Cyber exercise program. Coordinate exercise planning teams comprised of OneMain employees with varied technical and non-technical backgrounds to plan and execute cybersecurity exercises, including tabletop discussions. Work with internal teams to identify cyber risks, design threat scenarios, identify key stakeholders and participants, and execute the exercise against the planned scenarios and objectives. Assess observations and findings during exercises, communicate findings to stakeholders and escalate high risk findings to appropriate risk remediation efforts. Develop senior executive and Board level presentations and exercise materials. Comprehensive knowledge of resilience and recovery strategies in complex organizations to include solid understanding of disaster recovery methodologies and business continuity principles.
Required Qualifications: 5+ years of experience designing and executing cybersecurity or resilience exercises (plan, design, execution, and evaluation). Demonstrated leadership across cybersecurity, business continuity, disaster recovery, or information technology teams. Candidate requires a working knowledge of security operations, incident response, threat & vulnerability management, and threat intelligence. Knowledge of enterprise systems and infrastructure. Comprehensive knowledge of resilience and recovery strategies in complex organizations. Strong verbal, written communications skills and presentation skills. Expert knowledge of cybersecurity and exercise best practices, including NIST Cybersecurity Framework, National Cyber Exercise and Planning Program doctrine. Outstanding interpersonal skills to effectively build relations and interact with stakeholders at all levels within the organization with proven success in building and developing strong relationships with business stakeholders. Proven experience in leading diverse teams made up of direct reports, indirect reports, consultants, and managed service providers is required. Experience leading geographically diverse teams is a plus. Experience communicating with senior executives as well as technical and financial business colleagues. Master communicator and active listener who understands how to navigate an audience. Proven success delivering solutions to minimize our cyber risk for an enterprise. Prior experience working in a fast paced and flexible environment with many conflicting priorities. Experience prioritizing projects and staff time based on other commitments and risk is required. Prior experience working in high visibility positions is required. Ability to attract and retain high performing talent.
Desired Qualifications: 3+ years of experience in incident response operations or supporting training for incident response. 3+ years of Cyber Resilience experience. Adaptable and comfortable with ambiguity, yet eager to understand the root cause of a challenge and drive a solution. The ability to understand the financial, brand and reputational effect of incidents, as well as an ability to communicate this to all levels of personnel. Strong IT security or disaster recovery support background.
Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.
Benefits: Because we want our team members to bring us their very best every day, we believe they deserve the right opportunities and benefits. That's why we packed our comprehensive benefits package for full- and some part-timers with: health and wellbeing options for team members and their dependents; up to 4% matching 401(k); tuition reimbursement; continuing education; bonus eligible; paid time off; paid volunteer time; and more.
Our Company: OneMain Financial is the country's largest lending-exclusive financial company, proudly serving millions of customers with safe, affordable and transparent installment loans. Our customers turn to us every day, online and at 1,500 branches in 44 states, to help them take control and improve their financial lives with solutions for debt consolidation, medical expenses, household bills, home improvements and auto purchases. Our talented and dedicated team members constantly look for responsible ways to serve our customers when, where and how they want. It's all about doing the right thing, a mission that hasn't changed for more than 100 years.
Job Description: The Raytheon Intelligence & Space (RI&S) business is seeking an experienced federal compliance leader to lead a team in all aspects of federal cybersecurity risk, audit and compliance processes. The Director - Federal Risk & Compliance will be responsible for ensuring the RI&S network, programs, global sites and subsidiary security controls and processes are architected and designed in a manner to ensure continuous compliance with all federal policies, standards, regulations, procedures and applicable laws. The Director will be responsible for engaging with Enterprise Services, RI&S business product line leaders, program leaders, subsidiaries, global sites and process owners on the documentation, evaluation, and monitoring of the appropriate federal cybersecurity controls across the RI&S computing environment. The ideal candidate will also have experience in both compliance and operational audits, as well as prior hands-on cybersecurity experiences in the defense industry and/or federal agencies. Key Responsibilities: * Manage and lead a team of IT security and compliance experts responsible for identifying and driving the RI&S business cybersecurity standards and processes needed to continuously comply with federal regulatory and legal standards along with their associated reporting requirements. * Establish and maintain a program to track and monitor ATO and POAM completion to ensure timely execution of processes and plans to maintain compliance standards. * Develop strategic roadmaps for capabilities and services to achieve RI&S federal compliance standards and authorizations (ATOs) at the speed of the business. 
* Coordinate and support audit activities of the RI&S computing environment, focused on DoD and federal security controls, with process and control owners and internal/external auditors * Assist process and control owners to understand cybersecurity related assessments and audit results, identify remediation options, prioritize and see them through to completion * Assist in the development of appropriate security documentation, including system security plans, information security policies and procedures to ensure compliance with government, legal, and regulatory standard requirements * Assist product line and program leaders in assessing compliance impacts to systems and applications * Stay abreast with current & emerging industry related IT security federal regulations, and compliance standards. * Support RI&S and RTX participation in security forums and standards working groups. Qualifications: * 14+ years of progressive cybersecurity or compliance experience with a B.S. degree in Science, Technology, Engineering or Mathematics (STEM) or ten years of progressive cybersecurity or compliance experience, and an M.S./M.A. degree. * Network architecture experience with advanced knowledge of network technologies/protocols and computer security concepts in a large scale networking environment. * Experience with operational, compliance, and IT security audit functions including NIST 800-53, NIST 800-37, NIST 800-171, and ISO 27001, or COBIT. * Strong comprehension of Information Security concepts and practices including vulnerability and compliance tools and processes, awareness of vulnerabilities, emerging threats, and the ability to map adversarial tactics to effective controls. * Demonstrated ability to lead, manage and be fully accountable for a geographically dispersed virtual team supporting a fast-paced work environment. 
* Good social, verbal, and written communication skills, with demonstrated ability to develop and effectively communicate cybersecurity matters and processes to senior management and executive audiences. * Strategic planning experience including documenting workflows, developing service roadmaps and future state plans. * Strong deductive reasoning, critical thinking, problem solving, and prioritization skills. * Certified security expert - CISSP or CISM and CISA. * Existing Secret clearance required Desired Qualifications: * Understanding of cloud-based IT systems or hybrid cloud delivery models designing, developing in, or transitioning systems and processes to the cloud * Understanding of developing, testing, implementing, and maintaining complex applications and/or databases including web applications and interfaces * Six Sigma and / or Lean certification This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization. 185277 Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender orientation, gender identity, national origin, disability, or protected Veteran status.
09/22/2021
Full time
At HUMAN, we are all about keeping it human. We are a cybersecurity company that protects enterprises from bot attacks to keep digital experiences human. We have the most advanced Human Verification Engine that protects applications, APIs, and digital media from bot attacks, preventing losses and improving the digital experience for real humans. Today, we verify the humanity of more than 10 trillion interactions per week for some of the largest enterprises and platforms across the internet. Founded in 2012 in a Brooklyn sci-fi bookstore, our Human Verification Engine protects enterprises from the sophisticated bots that threaten them. It's an ongoing war that we fight passionately every day. Join our mission to stop bots, disrupt the economics of cybercrime, and keep it human. We're looking for an Events Marketing Manager to join the Brand Experience team supporting our activations across Cybersecurity, Channel, and Ecosystem Marketing. Reporting to the VP, Corporate Marketing, this role will play a key role in spreading the word about HUMAN with our partners and prospects. You will be a part of the HUMAN front line in our dedication to helping protect companies from both revenue and reputation risk caused by malicious bots! This is an outstanding opportunity to join an industry leader in eradicating fraud from the digital ecosystem while working with some of the brightest minds in cyber security. If you're looking for a role where you can make the internet a safer place for future generations (capes and masks optional), while helping us achieve exponential growth, then this role is for you. What you will do: Passionately and independently lead all aspects of on-site and off-site events, prioritizing to handle event production effectively, including planning, budgeting, execution, and post-event reconciliation. Events include meaningful industry events such as Black Hat & RSA, custom client events, VIP dinners, as well as internal offsites, and corporate retreats. 
This applies to both digital and live events. Collaborate with the marketing team and internal business units to craft and execute event strategies. Plan and run site inspections, develop and maintain program timelines, handle program budget, and plan all program logistics acting as the show producer. Work with Art Director to craft each event environment to achieve brand goals and purposes that align with company vision and key objectives. Lead and implement sophisticated logistical elements of the program, including sourcing, meeting space design, attendee management, travel, transportation, technology platforms, F&B, AV, entertainment, security, and shipping/receiving. Handle vendors, freelance contractors, and venues including hotels, technical producers, and all third-party suppliers from procurement to completion. Develop, maintain, and reconcile budgets by negotiating vendor agreements to maximize company savings aligned with department goals. Effectively lead event staff and HUMAN attendees, including conducting training sessions to engage support teams fully Travel onsite to programs to ensure continuity and outstanding business partner service (when comfortable pending COVID situation) Supervise reconciliation of final bill and post-program results and coordinate post-con reporting, including event analysis, reports of spending, attendance feedback, and other return on investment metrics for company records Maintain strong relationships with our network of partners and vendors Create initiatives to evolve department based on changing business needs, as well as feedback from business partners, team members, and vendors Track department metrics (i.e. 
event volume, cost savings, and key achievements for quarterly reporting) Work with the broader team to assign event projects to the team based on skill sets and development opportunities; hire and develop contractors as needed to support business needs Own follow-up, collection of leads, and ensure the accurate transition for sales follow-up Run the sourcing and ordering of promotional materials (swag) for events and promotions Who you are: You are proactive, creative, and thoughtful. You have great energy and love to create interesting and unique experiences for others! 3+ years of experience in event and project management (familiarity, experience with, or passion for the advertising/marketing or cybersecurity industries a plus!) Experience managing large, complex events from inception to final reconciliation with strong negotiation skills Experienced in event management, including venue sourcing, budgeting, F&B, meeting space, AV/production, registration, transportation, event technology, logistics Excellent verbal and written communication skills with the ability to handle client and vendor relationships Comfortable presenting to and supporting C-Suite executives consistently Able to multitask and prioritize workload while leading multiple projects at once Strategic problem-solver and solutions-orientated consultant in all program-related matters capable of seeing the bigger vision and aligning daily activities in accordance with the company vision Able to create and promote new and innovative event ideas and design to deliver outstanding user experiences Positive mentality and great teammate with the willingness to roll up sleeves when necessary Familiarity with the fundamentals of marketing and the desire to expand skillset within a growing team Tech-savvy with knowledge of Google Suite. Proficiency with event technology providers preferred (ex. 
Splash, Social Tables) Value having fun while producing top results with a highly functioning team Able to travel up to 30% for conferences, site inspections, industry events Benefits & Perks: Unlimited vacation policy Competitive salary and bonus structure Medical, dental, and vision insurance for all full-time employees Fully paid parental leave Professional development fund Great coaching from senior leaders and challenging development opportunities Life at HUMAN: Our HQ office is located in NYC, but we have HUMANs all over the world. We are growing the company deliberately with a keen eye towards maintaining a culture that values diversity, work/life harmony, and career growth. We are doing meaningful work, and we need people to join our mighty team. We have offices located in NYC, Virginia, Victoria, and London, and remote HUMANs in cities around the globe. We work with most of the largest platforms and enterprises on the planet. We're focused and propelled by a substantive mission. We're building a very sophisticated product that fights a real threat to humanity. We understand it takes a diverse team of passionate, curious, and creative people to solve the challenges involved in protecting the Internet. Our dynamic team of HUMANs have incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity workplace. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
09/13/2021
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Principal Cybersecurity Application Security Specialist. Candidate is recognized across the organization for functional expertise in application security and penetration testing. The Principal Cybersecurity Application Security Specialist will be required to effectively translate business objectives and risk management strategies into specific security technologies and services and will serve as an expert resource for those technologies. Responsibilities: Serve as the Subject Matter Expert for a collection of critical cybersecurity technologies, possessing the highest level of expertise in the design, deployment, maintenance and remediation of those technologies Expert level of proficiency with application security scanning tools and foundational concepts of secure development principles Expert level of penetration testing skill against cloud applications, traditional applications and infrastructure Provides a clear technical capability roadmap for cybersecurity tools for which you are responsible, in coordination with Security Architecture Coordinate with Cybersecurity leadership and business owners to determine business needs and requirements Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts Validate IT infrastructure, applications and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics Liaise with other practitioners across the Digital organization to share best practices and insights Mentor and grow junior level associates Will coach and mentor 
less-experienced engineers and act as team leader on more complicated digital projects. QUALIFICATIONS Bachelor's degree in computer science, information systems, cybersecurity, or a related field and a minimum of 7 years related work experience. An additional four years of relevant work experience may substitute for the Bachelor's degree. A Master's degree can substitute for 2 years of work experience. Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) or Certified Information Systems Manager (CISM) preferred Strong communication and presentation skills Experience with deploying enterprise-wide, complex technology projects Experience and strong working knowledge of managing security infrastructure (eg, Firewalls, intrusion prevention systems (IPSs), web application Firewalls (WAFs), endpoint protection, SIEM, and log management technology) Experience and strong working knowledge of vulnerability management tools Experience and a strong working knowledge of the methodologies to conduct risk assessment exercises on new applications and services Full-stack knowledge of IT infrastructure: Applications Databases Operating systems - Windows and Linux Hypervisors Networks - WAN, LAN, SCADA, Storage and Backup Direct experience designing IAM technologies and services: Active Directory Lightweight Directory Access Protocol (LDAP) Amazon Web Service (AWS) IAM Experience leading the deployment of applications and infrastructure into public cloud services V. Work Environment Listed below are key points regarding environmental demands and work environment of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.
09/10/2021
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Senior Cybersecurity IAM Engineer with Okta and SSO experience. Candidate will work as part of a team to achieve cybersecurity goals across the organization. The Senior Cybersecurity Engineer will be required to effectively translate business objectives and risk management strategies into specific security technologies and services and will serve as an expert resource for those technologies. Responsibilities: Serve as a Subject Matter Expert for several critical cybersecurity technologies, possessing an expert level of knowledge in the design, deployment, maintenance and remediation of those technologies Provides expert level support of single sign-on, directory, multi-factor authentication, provisioning, certification, and privileged identity management Provides input into a clear technical capability roadmap for cybersecurity tools for which you are responsible, in coordination with Security Architecture Coordinate with Cybersecurity leadership and business owners to determine business needs and requirements Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics Liaise with other security practitioners to share best practices and insights QUALIFICATIONS Bachelor's degree in computer science, information systems, cybersecurity, or a related field and a minimum of 3 years related work experience. 
An additional four years of relevant work experience may substitute for the Bachelor's degree. A Master's degree can substitute for 2 years of work experience. Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM) desired, but not necessary The Senior Cybersecurity Engineer should have a minimum of 3 years of direct, documented, and verifiable experience with the following: Strong communication and presentation skills, including change management approaches for widely deploying new technologies to non-technical audiences Experience with deploying enterprise-wide, complex technology projects Experience and strong working knowledge of identity management tools Working knowledge of managing security infrastructure (eg, Firewalls, intrusion prevention systems (IPSs), web application Firewalls (WAFs), endpoint protection, SIEM, and log management technology) Working knowledge of vulnerability management tools Working knowledge of the methodologies to conduct risk assessment exercises on new applications and services Significant knowledge of IT infrastructure: Applications Databases Operating systems - Windows and Linux Hypervisors Networks - WAN, LAN, SCADA, Storage and Backup IAM technologies and services: Active Directory Lightweight Directory Access Protocol (LDAP) Amazon Web Service (AWS) IAM Experience leading the deployment of applications and infrastructure into public cloud services as part of a team
09/10/2021
Full time
NO SPONSORSHIP Lead Cybersecurity Applications Security Looking for a candidate with Applications Security, penetration testing, Cloud, DevOps, Python, JAVA, C# etc traditional applications vulnerability management working with applications Job Summary The Principal Cybersecurity Application Security Specialist is recognized across the organization for functional expertise in application security and penetration testing. The Principal Cybersecurity Application Security Specialist will be required to effectively translate business objectives and risk management strategies into specific security technologies and services and will serve as an expert resource for those technologies. Responsibilities Serve as the Subject Matter Expert for a collection of critical cybersecurity technologies, possessing the highest level of expertise in the design, deployment, maintenance and remediation of those technologies Expert level of proficiency with application security scanning tools and foundational concepts of secure development principles Expert level of penetration testing skill against cloud applications, traditional applications and infrastructure Provides a clear technical capability roadmap for cybersecurity tools for which you are responsible, in coordination with Security Architecture Coordinate with Cybersecurity leadership and business owners to determine business needs and requirements Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts Validate IT infrastructure, applications and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics Liaise with other practitioners across the Digital 
organization to share best practices and insights Mentor and grow junior level associates Qualifications Bachelor's Degree A minimum of 7 years related work experience Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) or Certified The Principal Cybersecurity Application Security Specialist should have a minimum of 5-7 years of direct, documented, and verifiable experience with the following: Strong communication and presentation skills Experience with deploying enterprise-wide, complex technology projects Experience and strong working knowledge of managing security infrastructure (eg, Firewalls, intrusion prevention systems (IPSs), web application Firewalls (WAFs), endpoint protection, SIEM, and log management technology) Experience and strong working knowledge of vulnerability management tools Experience and a strong working knowledge of the methodologies to conduct risk assessment exercises on new applications and services Full-stack knowledge of IT infrastructure: Applications Databases Operating systems - Windows and Linux Hypervisors Networks - WAN, LAN, SCADA, Storage and Backup Direct experience designing IAM technologies and services: Active Directory Lightweight Directory Access Protocol (LDAP) Amazon Web Service (AWS) IAM Experience leading the deployment of applications and infrastructure into public cloud services
09/09/2021
Full time
NO SPONSORSHIP Senior Cybersecurity Engineer Salary: $110k - $150k Looking for a candidate that is heavy in SSO directory. Must have Okta Migration in a large Enterprise environment. You will provide expert level support of single sign on Multifactor Authentication Provisioning certification and Privileged Identity Management. Duties and Responsibilities Serve as a Subject Matter Expert for several critical cybersecurity technologies, possessing an expert level of knowledge in the design, deployment, maintenance and remediation of those technologies Provides expert level support of single sign-on, directory, multi-factor authentication, provisioning, certification, and privileged identity management Provides input into a clear technical capability roadmap for cybersecurity tools for which you are responsible, in coordination with Security Architecture Coordinate with Cybersecurity leadership and business owners to determine business needs and requirements Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics Liaise with other security practitioners to share best practices and insights QUALIFICATIONS Bachelor's degree Security and Technical Experience The Senior Cybersecurity Engineer should have a minimum of 3 years of direct, documented, and verifiable experience with the following: Strong communication and presentation skills, including change management approaches for widely deploying new technologies to non-technical audiences Experience with deploying enterprise-wide, complex technology projects Experience 
and strong working knowledge of identity management tools Working knowledge of managing security infrastructure (eg, Firewalls, intrusion prevention systems (IPSs), web application Firewalls (WAFs), endpoint protection, SIEM, and log management technology) Working knowledge of vulnerability management tools Working knowledge of the methodologies to conduct risk assessment exercises on new applications and services Significant knowledge of IT infrastructure: Applications Databases Operating systems - Windows and Linux Hypervisors Networks - WAN, LAN, SCADA, Storage and Backup IAM technologies and services: Active Directory Lightweight Directory Access Protocol (LDAP) Amazon Web Service (AWS) IAM Experience leading the deployment of applications and infrastructure into public cloud services as part of a team
09/09/2021
Full time
Cybersecurity and Infrastructure Security Agency
Arlington, Virginia
Overview Accepting applications Open & closing dates 08/18/2021 to 09/17/2021 Service Senior Executive Pay scale & grade ES 00 Salary $132,552 to $199,300 per year Appointment type Permanent Work schedule Full-time Duties Summary The Integrated Operations Division (IOD), coordinates, collaborates, and executes CISA's operational activities to ensure seamless support and expedited response to critical needs. IOD enhances mission effectiveness and situational awareness by unifying the conduct and reporting of CISA operations through a single channel to provide CISA leadership with a common operational picture and ensure cross-divisional coordination in the implementation of CISA programs. Responsibilities The Assistant Director for Integrated Operations serves as a senior CISA official who coordinates operations between divisions and regions to ensure rapid and effective response and reporting; works with the Intelligence Community to tailor intelligence products that it receives that meet the information needs of CISA senior leadership and other CISA divisions; and provides CISA leadership with awareness of emerging threats and incidents, as well as ongoing operational activities associated with critical infrastructure security and resilience. Specific responsibilities include: Coordinates the operational activity of CISA that is focused upon improving the nation's capability and capacity to assess and understand risk, and help focus efforts to detect, prevent, respond and mitigate disruptions of and to critical communications, physical infrastructure and cyber infrastructure. Along with Director and Deputy Director participates in the development, implementation and management of the CISA strategic and annual operating plans. Incumbent leads efforts in formulation of overall objectives for the IOD, to include all programs, priorities and policies to support the Director's objectives. 
In cooperation with the Director and Deputy Director, builds and sustains effective and efficient CISA and IOD management organizations, with appropriate performance metrics, capable of supporting the cybersecurity, physical infrastructure security and communications preparedness mission. Supports the development and execution of the National Cyber Incident Response Plan (NCIRP). Assists the national effort to improve homeland security information sharing between the public and private sectors to aid in preventing, detecting, mitigating, and/or recovering from the effects of an attack, interference, compromise or incapacitation related to cyber/IT, physical infrastructure and communications systems. Provides guidance and direction to subordinates in the broad areas of EO/EEO, human resources programs, and employee development to ensure IOD's efforts in these areas achieve the goals of the designated programs. Assesses and guides efforts of supporting activities, including contractors and personnel detailed to the IOD from other DHS organizations and other government agencies. Serves as approving authority for costs, schedules, and performance criteria for contracts, agreements with other government agencies, and performance. Travel Required Occasional travel - You may be expected to travel for this position. Supervisory status Yes Promotion Potential None Requirements Conditions of Employment You must be a U.S. citizen to apply for this position. You must successfully pass a background investigation. This may include a credit check, a review of financial issues, as well as certain criminal offenses and illegal use or possession of drugs. Selective Service - males born after 12/31/59 must be registered or exempt from Selective Service see Filing of OGE 278 - Public Financial Disclosure. You must be able to obtain and maintain a Top Secret (SCI) clearance. If selected, a one-year SES Probationary period may be required. 
You must submit to a drug test and receive a negative test result prior to appointment to this position. If you receive a conditional offer of employment for this position, you will be required to complete an Optional Form 306, Declaration for Federal Employment, and to sign and certify the accuracy of all information in your application. DHS uses e-Verify, an Internet-based system, to confirm the eligibility of all newly hired employees to work in the United States. Learn more about E-Verify , including your rights and responsibilities. Relocation expenses are not authorized. Other recruitment incentives may be authorized. All employees are required to participate in Direct Deposit/Electronic Funds Transfer for salary payments. This position may be designated as essential personnel. Essential personnel must be able to serve during continuity of operation events without regard to declarations of liberal leave or government closures due to weather, protests, and acts of terrorism or lack of funding. Failure to report for or remain in this position may result in disciplinary or adverse action in accordance with applicable laws, rules, and regulations (5 U.S.C. 7 and 5 CFR Part 752, as applicable). Qualifications As a basic requirement for entry into the SES, applicants must provide detailed evidence of possession of each of the Executive Core and Technical Qualifications listed below in a supplemental statement to assist reviewing officials in determining the best qualified candidates to be referred to the selecting official. Qualification and experience determinations will be based only on the information you submit. The application process used to recruit this position is the Traditional Method. Executive Core Qualifications: ECQ 1 - LEADING CHANGE: You must have demonstrated an ability to bring about strategic change, both within and outside the organization, to meet organizational goals. 
Inherent to this ECQ is the ability to establish an organizational vision and to implement it in a continuously changing environment. Leadership Competencies: Creativity & Innovation, External Awareness, Flexibility, Resilience, Strategic Thinking, Vision. ECQ 2 - LEADING PEOPLE: You must demonstrate the ability to lead people toward meeting the organization's vision, mission, and goals. Inherent to this ECQ is the ability to provide an inclusive workplace that fosters the development of others, facilitates cooperation and teamwork, and supports constructive resolution of conflicts. Leadership Competencies: Conflict Management, Leveraging Diversity, Developing Others, Team Building. ECQ 3 - RESULTS DRIVEN: This core qualification involves the ability to meet organizational goals and customer expectations. Inherent to this ECQ is the ability to make decisions that produce high-quality results by applying technical knowledge, analyzing problems, and calculating risks. Leadership Competencies: Accountability, Customer Service, Decisiveness, Entrepreneurship, Problem Solving, Technical Credibility. ECQ 4 - BUSINESS ACUMEN: This ECQ involves the ability to manage human, financial, and information resources strategically. Leadership Competencies: Financial Management, Human Capital Management, Technology Management. ECQ 5 - BUILDING COALITIONS: This ECQ involves the ability to build coalitions internally and with other Federal agencies, State and local governments, nonprofit and private sector organizations, foreign governments, or international organizations to achieve common goals. Leadership Competencies: Partnering, Political Savvy, Influencing/Negotiating. FUNDAMENTAL COMPETENCIES: The following competencies are the foundation for success in each of the Executive Core Qualifications: Interpersonal Skills, Oral Communication, Integrity/Honesty, Written Communication, Continual Learning, Public Service Motivation. 
Mandatory Technical Qualifications (MTQs): MTQ 1: Ability to deal effectively on complex homeland security-related issues with senior officials from all branches and levels of government and with other critical infrastructure/key resource owners, operators, and other stakeholders. MTQ 2: Experience in directing and supporting national-level critical infrastructure/key resource risk management, preparedness and protection programs, such as those in the nation's chemical or other sectors or equivalent programs of significant complexity and importance in regional, State or business enterprises. Challenge Context Action Result Model An ECQ or Mandatory Technical Qualification (MTQ) statement should include more than one example of relevant experience. Challenge. Describe a specific problem or goal. Context. Talk about the individuals and groups you worked with, and/or the environment in which you worked, to tackle a particular challenge (e.g., clients, co-workers, members of Congress, shrinking budget, low morale). Action. Discuss the specific actions you took to address a challenge. Result. Give specific examples of the results of your actions. These accomplishments demonstrate the quality and effectiveness of your leadership skills. Additional information on the Executive Core Qualifications is available at Senior Executive Service Executive Core Qualifications Veteran's preference does not apply to the SES. Probationary period:.....
08/20/2021
Full time
Overview Accepting applications Open & closing dates 08/18/2021 to 09/17/2021 Service Senior Executive Pay scale & grade ES 00 Salary $132,552 to $199,300 per year Appointment type Permanent Work schedule Full-time Duties Summary The Integrated Operations Division (IOD) coordinates, collaborates, and executes CISA's operational activities to ensure seamless support and expedited response to critical needs. IOD enhances mission effectiveness and situational awareness by unifying the conduct and reporting of CISA operations through a single channel to provide CISA leadership with a common operational picture and ensure cross-divisional coordination in the implementation of CISA programs. Responsibilities The Assistant Director for Integrated Operations serves as a senior CISA official who coordinates operations between divisions and regions to ensure rapid and effective response and reporting; works with the Intelligence Community to tailor intelligence products that it receives that meet the information needs of CISA senior leadership and other CISA divisions; and provides CISA leadership with awareness of emerging threats and incidents, as well as ongoing operational activities associated with critical infrastructure security and resilience. Specific responsibilities include: Coordinates the operational activity of CISA that is focused upon improving the nation's capability and capacity to assess and understand risk, and help focus efforts to detect, prevent, respond and mitigate disruptions of and to critical communications, physical infrastructure and cyber infrastructure. Along with the Director and Deputy Director, participates in the development, implementation and management of the CISA strategic and annual operating plans. Incumbent leads efforts in formulation of overall objectives for the IOD, to include all programs, priorities and policies to support the Director's objectives. 
In cooperation with the Director and Deputy Director, builds and sustains effective and efficient CISA and IOD management organizations, with appropriate performance metrics, capable of supporting the cybersecurity, physical infrastructure security and communications preparedness mission. Supports the development and execution of the National Cyber Incident Response Plan (NCIRP). Assists the national effort to improve homeland security information sharing between the public and private sectors to aid in preventing, detecting, mitigating, and/or recovering from the effects of an attack, interference, compromise or incapacitation related to cyber/IT, physical infrastructure and communications systems. Provides guidance and direction to subordinates in the broad areas of EO/EEO, human resources programs, and employee development to ensure IOD's efforts in these areas achieve the goals of the designated programs. Assesses and guides efforts of supporting activities, including contractors and personnel detailed to the IOD from other DHS organizations and other government agencies. Serves as approving authority for costs, schedules, and performance criteria for contracts, agreements with other government agencies, and performance. Travel Required Occasional travel - You may be expected to travel for this position. Supervisory status Yes Promotion Potential None Requirements Conditions of Employment You must be a U.S. citizen to apply for this position. You must successfully pass a background investigation. This may include a credit check, a review of financial issues, as well as certain criminal offenses and illegal use or possession of drugs. Selective Service - males born after 12/31/59 must be registered or exempt from Selective Service see Filing of OGE 278 - Public Financial Disclosure. You must be able to obtain and maintain a Top Secret (SCI) clearance. If selected, a one-year SES Probationary period may be required. 
You must submit to a drug test and receive a negative test result prior to appointment to this position. If you receive a conditional offer of employment for this position, you will be required to complete an Optional Form 306, Declaration for Federal Employment, and to sign and certify the accuracy of all information in your application. DHS uses E-Verify, an Internet-based system, to confirm the eligibility of all newly hired employees to work in the United States. Learn more about E-Verify, including your rights and responsibilities. Relocation expenses are not authorized. Other recruitment incentives may be authorized. All employees are required to participate in Direct Deposit/Electronic Funds Transfer for salary payments. This position may be designated as essential personnel. Essential personnel must be able to serve during continuity of operation events without regard to declarations of liberal leave or government closures due to weather, protests, and acts of terrorism or lack of funding. Failure to report for or remain in this position may result in disciplinary or adverse action in accordance with applicable laws, rules, and regulations (5 U.S.C. 7 and 5 CFR Part 752, as applicable). Qualifications As a basic requirement for entry into the SES, applicants must provide detailed evidence of possession of each of the Executive Core and Technical Qualifications listed below in a supplemental statement to assist reviewing officials in determining the best qualified candidates to be referred to the selecting official. Qualification and experience determinations will be based only on the information you submit. The application process used to recruit this position is the Traditional Method. Executive Core Qualifications: ECQ 1 - LEADING CHANGE: You must have demonstrated an ability to bring about strategic change, both within and outside the organization, to meet organizational goals. 
Inherent to this ECQ is the ability to establish an organizational vision and to implement it in a continuously changing environment. Leadership Competencies: Creativity & Innovation, External Awareness, Flexibility, Resilience, Strategic Thinking, Vision. ECQ 2 - LEADING PEOPLE: You must demonstrate the ability to lead people toward meeting the organization's vision, mission, and goals. Inherent to this ECQ is the ability to provide an inclusive workplace that fosters the development of others, facilitates cooperation and teamwork, and supports constructive resolution of conflicts. Leadership Competencies: Conflict Management, Leveraging Diversity, Developing Others, Team Building. ECQ 3 - RESULTS DRIVEN: This core qualification involves the ability to meet organizational goals and customer expectations. Inherent to this ECQ is the ability to make decisions that produce high-quality results by applying technical knowledge, analyzing problems, and calculating risks. Leadership Competencies: Accountability, Customer Service, Decisiveness, Entrepreneurship, Problem Solving, Technical Credibility. ECQ 4 - BUSINESS ACUMEN: This ECQ involves the ability to manage human, financial, and information resources strategically. Leadership Competencies: Financial Management, Human Capital Management, Technology Management. ECQ 5 - BUILDING COALITIONS: This ECQ involves the ability to build coalitions internally and with other Federal agencies, State and local governments, nonprofit and private sector organizations, foreign governments, or international organizations to achieve common goals. Leadership Competencies: Partnering, Political Savvy, Influencing/Negotiating. FUNDAMENTAL COMPETENCIES: The following competencies are the foundation for success in each of the Executive Core Qualifications: Interpersonal Skills, Oral Communication, Integrity/Honesty, Written Communication, Continual Learning, Public Service Motivation. 
Mandatory Technical Qualifications (MTQs): MTQ 1: Ability to deal effectively on complex homeland security-related issues with senior officials from all branches and levels of government and with other critical infrastructure/key resource owners, operators, and other stakeholders. MTQ 2: Experience in directing and supporting national-level critical infrastructure/key resource risk management, preparedness and protection programs, such as those in the nation's chemical or other sectors or equivalent programs of significant complexity and importance in regional, State or business enterprises. Challenge Context Action Result Model: An ECQ or Mandatory Technical Qualification (MTQ) statement should include more than one example of relevant experience. Challenge. Describe a specific problem or goal. Context. Talk about the individuals and groups you worked with, and/or the environment in which you worked, to tackle a particular challenge (e.g., clients, co-workers, members of Congress, shrinking budget, low morale). Action. Discuss the specific actions you took to address a challenge. Result. Give specific examples of the results of your actions. These accomplishments demonstrate the quality and effectiveness of your leadership skills. Additional information on the Executive Core Qualifications is available at Senior Executive Service Executive Core Qualifications. Veteran's preference does not apply to the SES. Probationary period:.....
Job Summary: We are currently seeking a Senior Systems Security Engineer - Cyber/ISSE to function as a key contributor for the Systems Design Directorate team in the Massachusetts area (e.g., Woburn, Tewksbury, etc.). The Systems Design & Architecture team is the central focus for Mission Systems Integration activities within Raytheon Missiles & Defense (RMD). Join this highly visible team and perform technically challenging assignments, which will directly contribute to protecting our nation and our war fighters. RMD created Systems Security Engineering (SSE) to expand growth opportunities with a focus on system Anti-Tamper (AT) and Cyber Security architecture, requirements, design and implementation, as well as Cyber resiliency, threat awareness, and integration of Enterprise Cyber capabilities into RMD franchise solutions.

Key Responsibilities:
* Establish and manage a program vision.
* Lead engineering execution across all IPTs, CPTs, and disciplines within the Program.
* Primary Cyber Solutions POC with the customer senior counterparts.
* Responsibility to manage all program engineering related activities related to the development of the exportable version of the system. Authority over and direct management of the program leads to ensure that products are delivered on time, on budget and meet system requirements.
* Support the development of cybersecurity requirements, design and architecture artifacts, plans, and policies.
* Defining security development and test efforts implementation of security controls of networking devices, databases, operating systems, and hardware and software components.
* Understanding and integrating cybersecurity development activities.
* Support the development of RMF documents and controls validation testing for Authority to Operate (ATO) accreditations.
* Performing analysis on cybersecurity collected data and test results.
* Conducting cybersecurity audits to ensure appropriate implementation and compliance of the security posture.
* Conducting technical and nontechnical trade studies.
* Collaborating with program and engineering disciplines and ensuring the cybersecurity solution alternatives.
* Understanding and compliance with DoD technology release and export licensing policies.

Required Experience/Skills:
* Minimum of 4+ years of Technical (hands-on) experience related to Information Assurance/Cyber Engineering requirements, determination, development, and implementation.
* Experience in the field of Systems Engineering, including any of the following: System Requirements definition and analysis, System Test and Analysis, and Systems Engineering Studies.
* Experience in security systems engineering involving various computer hardware and software S/W operating system and application solutions in both a stand-alone and in LAN/WAN configurations.
* Experience with security features and/or vulnerability analysis of various operating systems as defined by Intelligence agencies, NIST, DISA (STIGs) and USCYBERCOM.
* Experience with IA vulnerability testing and related network and system test tools; e.g., Retina, NMap, Nessus, Security Content Automation Protocol (SCAP).
* Experience with information security toolset including: anti-virus, Vulnerability Assessment, HIDS/NIDS, host-based or endpoint security solutions, Multi Factor Authentication (MFA), and Security Incident and Event Management (SIEM) and centralized auditing tools.
* DoDI 8570.01-M IAT Level-II Compliant Certification (e.g. Security+ or CISSP or equivalent).
* Experience leading and growing a team of engineers.
* Collaborating with program and engineering disciplines and ensuring cybersecurity solution alternatives.

Desired Experience/Skills:
* Experience with IT and/or network and system security administration, including operating system security configuration and account management best practices for UNIX, MS Windows, Red Hat Enterprise Linux, and CISCO systems.
* Understanding of Systems Engineering requirements, specifications, and Experience implementing DoD and Federal IA Certification and Accreditation Processes, IA controls and developing and maintaining associated certification and accreditation documentation.
* Ability to organize, multi-task and prioritize tasks in a fast paced, deadline driven environment.
* Familiar with NIST Risk Management Framework (RMF) as described in NIST Special Publication 800-37.
* Familiar with Program Protection Plan (PPP) required by DoDI 5000.02 and DoDI 5200.39.
* Security related Network (e.g., Cisco) and Operating Systems (e.g., Linux, Windows, Solaris) certification or training.
* Knowledge of Agile / DevOps techniques.
* Experience with multi-level security.
* Knowledge of DoD Exportability/Releasability Requirements.
* Experience working U.S. Government contract proposals as an Information Assurance Engineer subject matter expert.

Required Education:
* Bachelor's degree in STEM (Science, Technology, Engineering, and Mathematics); advanced degree(s) Business or related discipline

This position requires the eligibility to obtain a security clearance. Except in rare circumstances, only U.S. citizens are eligible for a security clearance.

At Raytheon Technologies, we innovate to create solutions and solve complex challenges across all domains: from land and sea to air, space, and cyberspace. In doing so, we embrace the talent, expertise and perspectives of our diverse workforce, each bringing their skills, ideas and dedication to the work we do. We pride ourselves on our commitment to our customers, industry partners and our teammates, making a positive impact not only to our business, but also in our communities where we live and work. Our constant innovation is made possible by a strong culture, investing in our people, and an unwavering vision that's shared by Raytheon Technologies employees across the globe: a vision of one global team creating trusted, innovative solutions to make the world a safer place.

What We Offer: Whether you're just starting out on your career journey or are an experienced professional, Raytheon Technologies offers a robust total rewards package that goes above and beyond with compensation; healthcare, wellness, retirement and work/life benefits; career development and recognition programs. Some of the superior benefits Raytheon Technologies offers include parental (including paternal) leave, flexible work schedules, achievement awards, educational assistance and child/adult backup care. All these job responsibilities are to be executed in harmony with Raytheon Technologies' Code of Business Ethics and Conduct policy which sets the standard by which we operate and how we treat others. Raytheon Technologies is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, age, disability, or Vietnam era, or other eligible veteran status, or any other protected factor. This position requires either a U.S. Person or a Non-U.S. Person who is eligible to obtain any required Export Authorization. 174239 Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender orientation, gender identity, national origin, disability, or protected Veteran status.
01/31/2021
Full time
As the Business Information Security Officer (BISO) of S&P Dow Jones Indices, you will be the Cyber Security & Assurance primary point of contact for the division, responsible for the development, communication, compliance and governance of the divisional security strategy, roadmap and policies that are in alignment with the organization's overall security objectives. This position will report to the CTO of S&P Dow Jones Indices. Responsibilities: Develop and maintain the overall Security strategy of the division. Ensure that the division's technology (IT) priorities align with the overall Security strategy. Acquire and manage leadership support and financial resources to support the Security transformation and governance priorities of the division. Engage with the Global Information Security policy team as the primary point of contact for the division and ensure that division's Security policies and priorities align with those of the overall organization. Manage and communicate the divisional Security roadmap. Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with Cybersecurity policies. Monitor and evaluate the effectiveness of the division's cybersecurity safeguards to ensure that they provide the intended level of protection. Ensure that Security requirements specific to information technology (IT) systems are included in all phases of the system life cycle. Engage with the CIRT team to properly address and manage cybersecurity incidents or vulnerabilities. Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. 
Advise senior management on cost/benefit analysis of information Security programs, policies, processes, systems, and elements Establish a mature Security posture within the Division Experience/Skills: 5+ years in a senior Security leadership role 10+ years of experience working in a Security focused role in the technology or other technology heavy industry (e.g. Financial Services) Bachelor's degree in Computer Science, Information Systems, Engineering or a related discipline Certified Information System Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) certifications preferred Detailed understanding of IT risk and information security fundamentals, risk assessment and risk management fundamentals, modern networking technologies and IT security controls Working knowledge of: Cloud computing architectures and the associated security designs and challenges Common open source libraries and technologies (e.g. Kafka, Spark, Hadoop) and how to effectively harden them Common web application development technologies (e.g. Java, PHP, Python, etc...) along with tools and processes to enable teams to develop safely NIST security controls frameworks Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization's cyber objectives Ability to exercise judgment when policies are not well-defined S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment. 
If you need an accommodation during the application process due to a disability, please send an email to: and your request will be forwarded to the appropriate person. The EEO is the Law Poster describes discrimination protections under federal law. 102 - Senior Management (EEO Job Group) (inactive), 10 - Officials or Managers (EEO-2 Job Categories-United States of America), IFTECH102 - Senior Management (EEO Job Group) Job ID: 255641 Posted On: 2020-12-15 Location: New York, New York, United States
01/21/2021
Full time
Charles Schwab & Co., Inc.
San Francisco, California
Your Opportunity Charles Schwab Asset Management Solutions (SAMS) Technology is aligned to support the technology needs of Charles Schwab Investment Management Inc. (CSIM). CSIM is a part of the broader Schwab Asset Management Solutions organization. In addition to CSIM, SAMS is comprised of Charles Schwab Investment Advisory, Inc. (CSIA), Asset Management Client Solutions, and the Schwab Center for Financial Research. The integration of four distinct, yet complementary asset management-related groups within a single business organization allows us to drive a cohesive strategy to more effectively deliver on investors' needs. Charles Schwab Asset Management Solutions (SAMS) is responsible for building and managing Schwab mutual funds, Schwab ETFs and other manages accounts, with assets over $500 billion dollars in money market, equity, and fixed income products. Position Summary: This Senior Staff position within SAMS Technology will report to the Managing Director of Thematic Investing Technology. What you are good at Key contributor to cross-platform delivery coordination, business analysis, and risk management, supporting the dynamic needs of the thematic investing business that spans investment research, trading, and client experience across multiple channels. Assist in managing relationships with key stakeholders and partners in Asset Management Solutions and Brokerage services to ensure a seamless client experience. Highly motivated, organized and experienced business-focused leader with a proven record of project delivery, business analysis, financial management, and risk management including cybersecurity. 
What you have Qualifications & Experience A university degree from a well-respected academic institution; advanced coursework in information systems, computer science, and/or business administration is a plus 5+ years of financial industry experience in investment management 5+ years of experience in project management, business analysis, financial management, and risk management including cybersecurity Extensive experience managing projects including scope, scheduling, budgeting and planning activities in an environment with aggressive delivery goals and client product launches. Experience within the software development lifecycle leveraging the latest methodologies and industry-applicable technologies including agile scrum development Significant experience transforming teams through technology, organization, culture, process and business change management Ability to work effectively in a matrixed, cross-functional organization providing holistic leadership and management to deliver on the product objectives Outstanding performer, detail-oriented, and driven to exceed expectations Skilled communicator and negotiator with exceptional written, verbal, presentation, and interpersonal skills Personal Characteristics Shows a commitment to high ethical standards and integrity and demonstrates this through action Excellent written communication, presentation and facilitation skills with experience preparing reports to executive management and boards of trustees Inquisitive, analytical, a strategic thinker, proactive and solutions-oriented High-energy, positive, entrepreneurial in spirit while goal-oriented and results-driven Self-starter; takes initiative and can work independently Well-organized and disciplined with high attention to detail Flexible and adaptable working with various business domains - provided by Dice
10/01/2020
Full time
The Deputy Director of IT - Security assists the Director of Information Technology in the management and administrative oversight of the County's central information technology/data processing agency. Incumbent will be responsible for strategic planning, policy formulation, financial administration/budget, system/network security, and supervision of the department's day-to-day operations and activities staff. Person hired directs and manages the County's information/cybersecurity program; ensures County's compliance with all federal and state information security regulations (including homeland defense security initiatives); coordinates privacy and security requirements with HIPAA coordinator, Department of Finance for Payment Card Industry (PCI) and County agencies using Personally Identifiable Information (PII) and other privacy standards to ensure integrity, sensitivity and confidentiality of data. Works with law enforcement and legal authorities in investigations of digital files; provides architectural oversight, direction and recommendations for enterprise-wide information/cybersecurity technology; and performs other duties as required. Essential Functions The requirements for this position include, but are not limited to, those outlined below. All job qualifications and physical requirements are subject to possible modification to reasonably accommodate individuals with disabilities to enable them to perform the essential functions of the job. This document does not create an employment contract, implied or otherwise. It is the employer's discretion to add or change the duties or requirements of this position at any time. Directly supervises employees involved in network engineering, network security, server and data center planning and operations, end-user support, and service desk operations.
Develops and manages all information security policies, standards, procedures, and internal controls which includes establishing procedures and requirements with key stakeholders to ensure compliance with local, state, and federal laws. Possesses knowledge of information security best practices and baseline security configurations for operating systems, applications and networking, and telecommunications equipment. Drafts strategies and plans to enforce security requirements and addresses identified risks. Develops, documents, and implements the enterprise security program by assessing residual risks, vulnerabilities and other security exposures including the misuse of information assets, and noncompliance with security policies and procedures. Compiles and manages disaster recovery plans and procedures including managing security incidents, providing 'after-action' reports and analysis of information security breaches, violations, malicious activity and incidents to management. Recommends corrective technical options and revisions to Information Technology (IT) security initiatives and policies to prevent future occurrences. Represents the County with local, regional, state and federal agencies on issues related to cybersecurity and protection of local government's critical IT infrastructure assets. Works with counterparts in other jurisdictions and external agencies to continuously evaluate and address emerging security threats. Provides guidance and direction while working with all facets of management within the County in developing secure and confidential technical solutions. Investigates and recommends new technologies that reduce the risk of cyber security threats and provides potential cost savings for the County. Delivers the IT Security awareness program through structured training and staff communications. Provides written or verbal communication to all levels of staff, leadership and elected officials on security issues and recommendations. 
Assists in the development of security architecture and security policies, procedures and standards. Evaluates all third-party systems that directly or indirectly access the County's network and reviews terms and conditions for vendor solutions and/or new technology acquisitions. Performs other duties as assigned. Education: Bachelor's degree in a relevant IT field. Experience: Five years of experience in risk management, information security and IT of which three years are in a leadership role and developing IT security policies and procedures; or any equivalent combination of experience and training which provides the required knowledge, skills and abilities. Knowledge/Skills: Comprehensive knowledge of information security management and technology (audit compliance, regulatory compliance, disaster recovery, vulnerability assessment, firewalls, and endpoint security); comprehensive knowledge of security administration in a Windows-based network environment; comprehensive knowledge of server administration as applied to network and internet security; thorough knowledge of information protection standards, guidelines, and applied procedures (i.e. industry "best practices"); thorough knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from National Institute of Standards and Technology (NIST), including 800-53 and Cybersecurity Framework; thorough knowledge of business needs with the ability to establish and maintain a high level of customer trust and confidence in the security team's concern for customers; the ability to work independently; the ability to establish and maintain effective working relationships with coworkers, representatives of other county departments and agencies, and the public; and the ability to communicate clearly and effectively, both verbally and in writing.
Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; and talk or hear. The employee frequently is required to reach with hands and arms. The employee is occasionally required to stand; walk; and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 40 pounds unassisted. Specific vision abilities required by this job include close vision for extended periods of viewing a computer screen or screens, distance vision, color vision, depth perception, and ability to adjust focus. Number of Employees Supervised: 12 Number of Subordinate Supervisors Reporting to Job: 2 All positions are subject to a criminal background check for any convictions that relate to the job duties and responsibilities. The County's EEO Utilization Report has been available at - provided by Dice
09/30/2020
Full time