Director, Information Security - CMMC

Location

Maryland | United States

Job description

The Director, Information Security is responsible for leading the effort for DoD security accreditations including CMMC and IA-Pre. Working in conjunction with the EVP, Engineering & Network Operations, this role will establish the Company’s information security policies, procedures, and strategy, while ensuring that the company meets and maintains compliance with Regulatory Government Standards and Guidelines by developing and executing security controls, defenses, and countermeasures in an effort to minimize vulnerabilities, and intercept and prevent internal or external attacks or attempts to infiltrate company information assets, including email, data, and web-based systems. This is a leadership role as well as a hands-on contributor role for the company’s information security monitoring, analysis, and mitigation.

• Develop and execute security system compliance policies and procedures.
• Identify cybersecurity architecture, goals, objectives, and metrics; analyze business needs and priorities for protection of critical systems.
• Select, develop, and evaluate personnel to ensure the efficient operation of the team.
• Establish and implement operations policies and appropriate standards and criteria for hardware, software, and email and web firewall, access verification and encryption requirements.
• Lead the effort for DoD security accreditations including CMMC and IA-PRE.
• Monitor systems for cybersecurity vulnerabilities, threats, and events, oversee incident response planning, and leases vulnerability audits and forensic investigations.
• Evaluate potential business impacts from security breaches and provide strategic and tactical guidance to business decision-makers.
• Establish system controls by developing a framework of controls and levels of access to incorporate into new and existing products and systems.
• Research attempted or successful efforts to compromise systems security and designs countermeasures.
• Administer security policies to control physical and virtual access to systems.
• Review and monitor real-time, daily, and historical logs generated from all Company systems through various Security Information and Event Management (SIEM) tools.
• Analyze and identify potential intrusions and security violations, both internally and externally. Revise and/or create new rules on SIEM tools to reduce false positives and/or undetected incidents.
• Conduct Vulnerabilities and Compliance Assessments to identify vulnerabilities; assess findings to determine residual risks and priority level. Research vulnerabilities and compliance failures to determine an appropriate solution and create action plan for remediation.
• Audit and collect evidence to prove compliance with Regulatory Standards. Research, plan, and implement solutions for non-compliancy controls.
• Work closely with PMO to support compliance efforts for various programs.
• Work closely with Facility Security Officers (FSOs) to ensure adherence to security incident reporting requirements and ensure alignment with overall Company security posture.
• Develop Company security awareness by providing orientation, educational programs, and on-going communication.

• U.S. Citizen with the ability to obtain and maintain a U.S. Government issued security clearance.
• 5+ years of experience in an Information Security role responsible for leading policy and procedure development, implementation, and compliance.
• Bachelor's Degree in Computer Science, Engineering, Information Technology, Cyber Security, or related field, or an equivalent combination of education and related experience.
• Experience with implementing NIST 800-171/CMMC 2.0.
• Proficient in key areas of security such as: Vulnerability Management, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Data Loss Prevention (DLP), Encryption, Two-Factor Authentication, Web filtering, and Advanced Threat Protection.
• Experience with NIST standards, such as the CSF and 800-171.
• Ability to work well under pressure and prioritize workload and multiple projects.
• Ability to maintain confidentiality and safeguard proprietary, sensitive information
• Effective verbal and written communication skills and ability to present to multiple levels of an organization.
• Effective critical thinking and problem-solving skills.

Valued but not required skills and experience:

• CISSP, CISA, or CISM certification.
• CCNA, CCNA Security
• Experience with cyber kill chains.

UltiSat is a global provider of end-to-end managed networks, cyber-security capabilities, and advanced engineering and technical services. We focus on the unique needs of customers in the defense, national security, civil government, humanitarian-aid and critical infrastructure markets. Offering a range of services including satellite, terrestrial and wireless networks, airborne ISR solutions, as well as systems integration and field services, UltiSat specializes in providing secure communications and networking solutions for missions of high consequence.

• Comprehensive mission communications solutions
• Facilities based network infrastructure
• In-house engineering and technical expertise
• Field deployment capabilities
• Commitment to deliver above and beyond

Equal Opportunity Employer – Minorities / Women / Veterans / Individuals with Disabilities / Gender Identity / Sexual Orientation

If you are a disabled individual or disabled Veteran and require a reasonable accommodation in applying for any posted position, please contact us at [email protected] or (240) 243-5100.

Job tags

Salary