Client is seeking an Information Systems Security Manager to provide support to the Client's Cross Domain Support Office including governance of delivering cross-domain capability at mission speed, defending the classified networks, enabling federated cross-domain services, and developing cross-domain expertise throughout the Client's operating environment.
Tasks:
Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.
Advise senior management (e.g., Chief Information Officer [CIO]) on risk levels and security posture.
Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
Advise appropriate senior leadership or authorized officials of changes affecting the organization's cybersecurity posture.
Knowledge:
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of cybersecurity and privacy principles.
K0005: Knowledge of cyber threats and vulnerabilities.
Knowledge of specific operational impacts of cybersecurity lapses.
K0008: Knowledge of applicable business processes and operations of customer organizations.
Knowledge of encryption algorithms.
Knowledge of data backup and recovery.
Knowledge of business continuity and disaster recovery continuity of operations plans.
Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
K0038: Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
Knowledge of incident response and handling methodologies.
Knowledge of industry-standard and organizationally accepted analysis principles and methods.
Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
Knowledge of Risk Management Framework (RMF) requirements.
Knowledge of measures or indicators of system performance and availability.
Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
Knowledge of network traffic analysis methods.
Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Knowledge of resource management principles and techniques.