Supervisor of Information Security

Oversee the operation of CNA Information Technology (IT) security through management of the organization's IT security analysts & create an enterprise IT security posture through policy, architecture and training processes. Responsible for IT compliance with Navy, DSS, NATO, COMSEC, DISA, NISPOM and other applicable regulations as well as classified contract requirements. Maintain a formal Information Systems Security Program and serve as Information System Security Manager (ISSM) by providing certification and accreditation of computer networks using government standards and data contamination management, including coordinating clean-up efforts, reporting requirements, and ensuring auditing requirements are completed. The IT Security Supervisor is expected to interface with peers in other departments to both share the IT security vision with those individuals and to solicit their involvement in achieving appropriate levels of security through information sharing and cooperation. Build and sustain a respectful workplace. Accountable for modeling respectful behavior, as well as recognizing and addressing offensive behaviors exhibited by any employee. Provide leadership, mentoring, and manage a small staff of information systems security officers in the performance of their duties and their career growth and development.
1 Responsible for overseeing overall IT security and IT security project management on unclassified and classified networks to include SIPRnet. Establish and document standard operating procedures (SOP) for all IT security related policies and procedures.
2 Lead and oversee the deployment, integration and initial configuration of all new IT security solutions and of any enhancements to existing IT security solutions in accordance with standard best operating procedures generically and the enterprise's IT security documents specifically. Select and acquire additional IT security solutions or enhancements to existing IT security solutions to improve overall enterprise IT security as per the enterprise's existing procurement processes.
3 Establish and track metrics for IT risk assessment activities. Use expert knowledge and industry sources to assess current threat levels and current security posture on unclassified and classified networks. Ensure proper mitigation procedures to reduce security risks. Communicate risk assessment projects/activities/metrics to CNA Security manager and other CNA management.
4 Perform and manage certification and accreditation (C&A) and risk assessment activities. Act as SME for government security and audit requirements and regulations. Leverage experience to provide technical guidance on security related system changes for operating systems and software. Oversee compliance reports and disseminate information to pertinent staff for remediation.
5 Create, maintain, monitor, and report on compliance of security policies, procedures and manuals. Recommend and establish changes to security policies that affect the entire organization.
6 Responsible for maintaining and utilizing information security architecture. Ensure existing security devices and software programs are optimally configured. Evaluate new security hardware and software. Perform security reviews of IT projects. Responsible for overall IT security architecture design and development. Design, develop, and implement security technologies.
7 Establish and maintain a corporate-wide security awareness of computing environment and provide related end-user IT security training.
8 Participate in and track all Computer Security Incident Response activities for all IT systems. Oversee and conduct investigation of computer security incidents. Respond to and resolve IT security incidents.
9 Work with management, other team members, and end-users to determine project goals and directions; lead difficult and highly complex projects; prepare cost estimates and staff requirements for proposed projects to accomplish goals; monitor and report on tasks throughout the project; guide and review other project work when necessary. Conduct lessons-learned session(s), and document and report findings.
10 Create and maintain the IT security elements of CNA's Business Continuity Plan and Disaster Recovery Plan.
11 Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, policies, improved security processes and the development of new attacks and threat vectors.
12 Serve as the security subject matter expert in overall IT security for CNA. Engage in ongoing communications with peers in the Technology Center as well as the various business groups to ensure enterprise wide understanding of IT security goals, to solicit feedback and to foster co-operation.
13 Perform other duties as assigned.
1 Education: College diploma or university degree required. Prefer degree in an IT, computer science or security related field. Advanced degree is a plus. One or more of the following certifications required: ISACA Certified Information Security Manager; DoDD 8570, Certified Information Privacy Professional (CIPP), Microsoft Certified Systems Engineer - Security; (ISC) SSCP; (ISC) CISSP; (ISC) ISSAP; Certified Protection Professional (CPP).
2 Experience: Minimum 5-8 years related IT security technical and managerial experience in a progressively responsible position within an enterprise security environment, including experience with or knowledge of: DoD security policy, guidelines and directives, management principles, physical security inspections, computer and network security, SIPR/CCRI; information security, NISPOM, Director of Central Intelligence Directives, Navy Information Security Program Regulation and Navy Security Classification Guidance Series; extensive experience in enterprise security architecture design; experience in designing and delivering employee security IT awareness training; experience in developing Business Continuity Plans and Disaster Recovery Plans; supervisory experience also required.
3 Skills: Proven analytical and problem solving abilities; Ability to effectively prioritize and execute tasks in a high-pressure environment; Good written, oral, and interpersonal communication skills; Ability to conduct research into IT security issues and products as required; Ability to present ideas in business-friendly and user-friendly language; Highly self-motivated and directed; Keen attention to detail; Team-oriented and skilled in working within a collaborative environment.
4 Other: Active final DSS Secret clearance required. Ability to obtain and maintain a Top Secret Clearance required.
Requisition ID: NCER0570.1
