As the Cyber Security Manager, you will lead the overall ongoing effort to continuously assess, fine-tune, and implement the enterprise's information security program. This includes serving as the process and project owner for all activities related to availability, integrity, and confidentiality of customer, employee, and business information as driven by security standards such as SOC2, FedRAMP, ISO 27001, and NIST CSF. This position requires a mix of business and technical understanding to connect with the strategic direction and day-to-day execution across the company. The ideal candidate will have in-depth knowledge of national and international security policies, information systems, processes, roles, and responsibilities, and a proven track record in assessing and delivering enterprise-level accreditations.
What you will do
- Continuously monitors, identifies, and mitigates key risks, related controls, and gaps; documents and reports results to management for the following areas:
  - Application security.
  - Information Security.
  - Network Security.
  - Operational Security.
  - Incident response.
  - Disaster Recovery Planning.
  - Threat intelligence.
  - Vulnerability management (internal and external threats).
  - End-user education.
  - Cyber security policies and procedures.
What you bring to the role
- Performs self-assessments, cures gaps, and manages and delivers successful 3rd party security validations to gain customers' authority to operate in accordance with standards such as SOC2, FedRAMP, ISO 27001, and NIST CSF.
- Provides support to the sales organization with prompt and effective responses to cyber security questionnaires and contract negotiations.
- Implements and monitors the cyber security policies and procedures.
- Continuously refines and enforces the cyber security policies, standards, and procedures.
- Provides information security training to employees, contractors, alliances, and other third parties.
- Monitors and reviews compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties and refers problems to appropriate department managers or administrators.
- Monitors internal control systems to ensure that appropriate information access levels are maintained.
- Stays current on the latest information technology and security trends; recommends corrective actions as identified and needed through various information security-driven or supported initiatives.
- Monitors advancements in cyber security technologies and recommends new technologies and product modifications based on new risks/threats that would provide value to the collaboration.
- Ability to analyze complex projects and identify relevant policies, gaps, and risks. Works independently with project teams and requires advanced oral and written communication skills.
- US citizenship Public Trust Security Clearance with no known blockers to a future public trust security clearance.
- Bachelor's degree with a concentration in computer science, or a similar combination of education and experience
- 3+ years of experience in information security
- Expert knowledge of at least 3 of the following frameworks: OWASP Top 10 Security Risks, FedRAMP, SOC2, NIST cyber security
- Ability to think critically and communicate effectively to individuals and groups
- Collaborate and lead cross-functional teams successfully
- Previous experience with the creation and management of organizational risk assessments
- Experience working in the federal sector or a highly regulated industry
- Experience in the cybersecurity market and security risk management
How you can impress us
- Experience supporting a 99+% uptime environment
- Top Secret Clearance or no known blocker toward gaining one.
- ITIL certification
- Experience in IT Hosting or CloudOps
- Experience in technical writing, especially in cyber security policies and procedures
Target Start Date: ASAP
Work Location: Reston, VA (preferred) or remote
We are committed to an inclusive and diverse workplace. We believe that different perspectives lead to better ideas, and better ideas give us a greater understanding of the needs and interests of our diverse, global Meridian Knowledge Solutions Community. We welcome people of different backgrounds, experiences, abilities, and perspectives and are an equal opportunity employer.