Information Systems Security Manager

Your Future at M.C. Dean

We're seeking people driven to excellence and inspired to have a meaningful impact powering, automating, integrating, and securing the world's most critical infrastructure and facilities. This translates into fulfilling opportunities for employees driven to excel in a meaningful career. As an employee at M.C. Dean, you will join forces with more than 5,800 professionals who engineer and deploy automated, secure and resilient power and technology systems; and deliver the management platforms essential for long-term system sustainability. Together, we transform the way complex, large-scale systems are designed, delivered, and sustained-enhancing client outcomes, improving lives, and changing the world for the better.

The Information System Security Manager (ISSM) is responsible for the development, implementation, and continuous improvement of cybersecurity functions for multiple critical systems and for providing strategic and tactical leadership to a cybersecurity staff, including Information System Security Officer(s) and cybersecurity analysts.

Key responsibilities include but are not limited with the following:

1. In collaboration with the Facility Security Officer (FSO) and business leadership, take responsibility for establishing Information Systems Security Program identifying, pursuing, and maintaining cybersecurity accreditations and authorizations of critical M.C. Dean enterprise and/or customer information systems.

2. Lead development, implementation, and continuous improvement of information security policies, standards, plans, and procedures to maintain security posture, ensure compliance, and allow for effective and efficient execution of business functions.

3. Provide effective leadership to identify, assess, and mitigate cybersecurity risks; exercise direct ownership of system monitoring and auditing, threat intelligence, vulnerability management, incident response, cybersecurity awareness, and other critical continuous monitoring processes.

4. Lead investigations of computer security violations and incidents, reporting as necessary to both the Facility Security and Senior Program Managers.

5. Ensure alignment and effective collaboration among cybersecurity, information systems infrastructure, and software development and operations teams to design, implement, and maintain cybersecurity controls and secure system development practices consistent with the established policies and standards.

6. Provide organizational leadership including expertise development, budget management, and resource allocation in support of the established policies, plans, and strategic direction, and to enable effective extension of cybersecurity capabilities to customer-facing operations.

7. Establish and maintain effective relationships with authorizing officials, assessment organizations, customer information security officials, M.C. Dean business unit leaders, engineering organizations, and other internal and external stakeholders. Act as the primary responsible party for system audits, assessment, and authorization activities.

8. Develop and deliver regular updates to the company leadership on the information security posture, incidents, compliance, and strategic direction.

Qualifications:

* 10+ years of progressive experience with implementation of RMF, CMMC, ISO 27K, and related cybersecurity frameworks, as well as ICD and CNSS standards; Expert-level knowledge of the NIST RMF framework, including NIST SP 800-53 and related NIST SP 800 series standards, and their implementation by the US Federal Government civilian and DOD agencies

* 5+ years of cybersecurity management experience in the ISSO / ISSM roles, including developing, maintaining, and enforcing information system security policies and system security plans, performing system audits, and facilitating assessment and authorization activities

* Working knowledge of key information technology concepts, platforms, and technologies, including Microsoft Windows and/or Linux operating systems, and system virtualization (multiple hypervisors) in a secure network environment, TCP/IP networking protocols and services, and related security technologies and applicable security benchmarks (e.g., DISA Security Technical Implementation Guide (STIGs)

* Working knowledge of information key security concepts, such as encryption, Public Key Infrastructure (PKI), and related

* Working knowledge of and hands-on experience with compliance scanning tools (e.g. SCAP), vulnerability scanning tools (e.g. ACAS), eMASS

* Excellent written and verbal communication and presentation skills.

* Ability to work in a cross-functional team environment and adapt to changes

Education and Certification:

* Bachelor's Degree (and 10+ years of experience) or Masters Degree (and 7+ years of experience) in Information Security, Information Technology, Computer Science, or related field

* CISSP certification or equivalent

* Active TS/SCI clearance.

Abilities:

• Exposure to computer screens for an extended period of time.
• Sitting for extended periods of time.
• Reach by extending hands or arms in any direction.
• Have finger dexterity in order to manipulate objects with fingers rather than whole hands or arms, for example, using a keyboard.
• Listen to and understand information and ideas presented through spoken words and sentences.
• Communicate information and ideas in speaking so others will understand.
• Read and understand information and ideas presented in writing.
• Apply general rules to specific problems to produce answers that make sense.
• Identify and understand the speech of another person.