LAQ6N3-Info Sec & Governance Spec 3 - L13-Info Sec & Governance
Ref No.: 18-02625
Location: Ridley Park, Pennsylvania
Start Date / End Date: 08/27/2018 to 06/11/2019
Job Description:
Primarily responsible for establishing and maintaining overall information security posture and serves as principal advisor for all matters technical or otherwise involving the security of the organizational technology platforms. Owns and implements Risk Management Framework for Enterprise. Conducts vulnerability analyses and risk assessments. Evaluates and applies appropriate mitigations. Advises both enterprise and program management on risk levels, security posture and cost/benefit analysis of information security programs, policies, processes, systems, and elements. Advises appropriate senior leadership or Authorizing Official of changes affecting the enterprise and program cybersecurity posture. Develops and implements the strategies for continuous monitoring of security controls effectiveness. Utilizes project management expertise to effectively manage tasks, resources, and schedule to meet objectives. Serves as information security authority within the Information Technology (IT) Change Control Board to ensure all system modifications adhere to the information security standards. Coordinates cyber incident responses related to organizational systems. Aligns and coordinates with the IT partners to facilitate the secure product lifecycle of organizational systems across a broad spectrum of technology platforms. Contributes to the development and deployment of program information security for assigned systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures. Implements Risk Management Framework (RMF) processes, product development and product maintenance for assigned systems. Performs security compliance continuous monitoring. Participates in security assessments and audits. Prepares and presents technical reports and briefings. Contributes to the identification of root causes and the prioritization of threats, and recommends/implements corrective action.
Provides mentoring and technical leadership within the information security program team. Explores the enterprise and industry for the evolving state of industry knowledge and methods regarding information security best practices. Supports development of enterprise-wide information security policies, standards, guidelines and procedures that may reach across multiple stakeholder organizations.
Education / Experience: Technical bachelor's degree and typically 5 or more years' related work experience or a Master's degree with typically 3 or more years' or a PhD degree or an equivalent combination of education and experience. A technical degree is defined as any four-year degree, or greater, in a mathematics, scientific or information technology field of study.