Information Systems Security Manager

Overview About M.C. Dean M.C. Dean is Building Intelligence. We design, build, operate, and maintain cyber-physical solutions for the nation's most mission-critical facilities, secure environments, complex infrastructure, and global enterprises. With over 7,000 employees, our capabilities span electrical, electronic security, telecommunications, life safety, automation and controls, audiovisual, and IT systems. Headquarters in Tysons, Virginia, M.C. Dean delivers resilient, secure, and innovative power and technology solutions through engineering expertise and smart systems integration. Why Join Us? Our people are passionate about engineering innovation that improves lives and drives impactful change. Guided by our core values-agility, expertise, and trust-we foster a collaborative and forward-thinking work environment. At M.C. Dean, we are committed to building the next generation of technical leaders in electrical, engineering, and cybersecurity industries. The Information System Security Manager (ISSM) is responsible for the development, implementation, and continuous improvement of cybersecurity functions for multiple critical systems and for providing strategic and tactical leadership to a cybersecurity staff, including Information System Security Officer(s) and cybersecurity analysts. Responsibilities Key responsibilities include but are not limited with the following: In collaboration with the Facility Security Officer (FSO) and business leadership, take responsibility for establishing Information Systems Security Program identifying, pursuing, and maintaining cybersecurity accreditations and authorizations of critical M.C. Dean enterprise and/or customer information systems. Lead development, implementation, and continuous improvement of information security policies, standards, plans, and procedures to maintain security posture, ensure compliance, and allow for effective and efficient execution of business functions. Provide effective leadership to identify, assess, and mitigate cybersecurity risks; exercise direct ownership of system monitoring and auditing, threat intelligence, vulnerability management, incident response, cybersecurity awareness, and other critical continuous monitoring processes. Lead investigations of computer security violations and incidents, reporting as necessary to both the Facility Security and Senior Program Managers. Ensure alignment and effective collaboration among cybersecurity, information systems infrastructure, and software development and operations teams to design, implement, and maintain cybersecurity controls and secure system development practices consistent with the established policies and standards. Provide organizational leadership including expertise development, budget management, and resource allocation in support of the established policies, plans, and strategic direction, and to enable effective extension of cybersecurity capabilities to customer-facing operations. Establish and maintain effective relationships with authorizing officials, assessment organizations, customer information security officials, M.C. Dean business unit leaders, engineering organizations, and other internal and external stakeholders. Act as the primary responsible party for system audits, assessment, and authorization activities. Develop and deliver regular updates to the company leadership on the information security posture, incidents, compliance, and strategic direction. Qualifications Qualifications: 10+ years of progressive experience with implementation of RMF, CMMC, ISO 27K, and related cybersecurity frameworks, as well as ICD and CNSS standards; Expert-level knowledge of the NIST RMF framework, including NIST SP 800-53 and related NIST SP 800 series standards, and their implementation by the US Federal Government civilian and DOD agencies 5+ years of cybersecurity management experience in the ISSO / ISSM roles, including developing, maintaining, and enforcing information system security policies and system security plans, performing system audits, and facilitating assessment and authorization activities Working knowledge of key information technology concepts, platforms, and technologies, including Microsoft Windows and/or Linux operating systems, and system virtualization (multiple hypervisors) in a secure network environment, TCP/IP networking protocols and services, and related security technologies and applicable security benchmarks (e.g., DISA Security Technical Implementation Guide (STIGs) Working knowledge of information key security concepts, such as encryption, Public Key Infrastructure (PKI), and related Working knowledge of and hands-on experience with compliance scanning tools (e.g. SCAP), vulnerability scanning tools (e.g. ACAS), eMASS Excellent written and verbal communication and presentation skills. Ability to work in a cross-functional team environment and adapt to changes Education and Certification Bachelor's Degree (and 10+ years of experience) or Masters Degree (and 7+ years of experience) in Information Security, Information Technology, Computer Science, or related field CISSP certification or equivalent Active TS/SCI clearance. Abilities Exposure to computer screens for an extended period of time. Sitting for extended periods of time. Reach by extending hands or arms in any direction. Have finger dexterity in order to manipulate objects with fingers rather than whole hands or arms, for example, using a keyboard. Listen to and understand information and ideas presented through spoken words and sentences. Communicate information and ideas in speaking so others will understand. Read and understand information and ideas presented in writing. Apply general rules to specific problems to produce answers that make sense. Identify and understand the speech of another person. #J-18808-Ljbffr