Role Purpose

• Information & Cyber Security Management, IT Security Physical & Logical Security Management, Security & Vulnerability planning, IT Security Awareness & Policy Development.

Key Accountabilities & Activities

• Provide information security awareness training to organization personnel
• Oversee information security audits, whether by performed by organization or third-party personnel
• Evaluate department budget and costs associated with technological training
• Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement
• Implement and oversee technological upgrades, improvements and major changes to the information security environment
• Serve as a focal point of contact for the information security team and the customer or organization
• Manage and configure physical security, disaster recovery and data backup systems
• Monitoring of all security operations including SIEM platform, AV, Firewalls, Identity Management Platform, access request processing, digital loss prevention
• Evaluate and recommend information security technologies and practices
• Advise on and monitor compliance with information security mandates
• Interpret security policies, regulations, standards, and other mandates into security control requirements and assess environments against those requirements
• Advise IT Director on risk levels and security posture.
• Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Oversee the information security training and awareness program.
• Participate in an information security risk assessment during the Security Assessment and Authorization process.
• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Perform analysis of network security, based upon the DCID 6/3, DITSCAP, DIACAP, and NISPOM Chapter 8 certification and accreditation process

Experience & qualifications

• 1-years’ experience in IT & Cyber Security
• Bachelor’s degree in IT or computer engineering
• CISSP, IAM, CISM

Knowledge & Skills 

• Full understanding of ISO27001, NCA, NIS
• Understanding of Global Security Criteria such as Cybersecurity, Knowledge Assurance
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
• Knowledge of current and emerging threats/threat vectors.
• Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return- oriented attacks, malicious code).