Information Systems Security Manager

Overview

M.C. Dean is Building Intelligence®. We design, build, operate, and maintain cyber-physical solutions for the nation's most recognizable mission critical facilities, secure environments, complex infrastructure, and global enterprises. The company's capabilities include electrical, electronic security, telecommunications, life safety, automation and controls, audio visual, and IT systems. M.C. Dean is headquartered in Tysons, Virginia, and employs more than 5,800 professionals who engineer and deploy automated, secure, and resilient power and technology systems; and deliver the management platforms essential for long-term system sustainability.

Why join M.C. Dean? Our people are inspired by the way engineering and innovation enhance customer outcomes, improve lives, and change the world for the better. We are driven by our core values of agility, expertise, and trust.

Clearance Requirement: Applicants selected will be subject to a government security investigation and must meet eligibility requirements, including U.S. Citizenship, for access to classified information; Active TS/SCI clearance required.

Responsibilities

The Information System Security Manager (ISSM) is responsible for the development, implementation, and continuous improvement of cybersecurity functions for multiple critical systems and for providing strategic and tactical leadership to a cybersecurity staff, including Information System Security Officer(s) and cybersecurity analysts.

• In collaboration with the Facility Security Officer (FSO) and business leadership, take responsibility for establishing Information Systems Security Program identifying, pursuing, and maintaining cybersecurity accreditations and authorizations of critical M.C. Dean enterprise and/or customer information systems.
• Lead development, implementation, and continuous improvement of information security policies, standards, plans, and procedures to maintain security posture, ensure compliance, and allow for effective and efficient execution of business functions.
• Provide effective leadership to identify, assess, and mitigate cybersecurity risks; exercise direct ownership of system monitoring and auditing, threat intelligence, vulnerability management, incident response, cybersecurity awareness, and other critical continuous monitoring processes.
• Lead investigations of computer security violations and incidents, reporting as necessary to both the Facility Security and Senior Program Managers.
• Ensure alignment and effective collaboration among cybersecurity, information systems infrastructure, and software development and operations teams to design, implement, and maintain cybersecurity controls and secure system development practices consistent with the established policies and standards.
• Provide organizational leadership including expertise development, budget management, and resource allocation in support of the established policies, plans, and strategic direction, and to enable effective extension of cybersecurity capabilities to customer-facing operations.
• Establish and maintain effective relationships with authorizing officials, assessment organizations, customer information security officials, M.C. Dean business unit leaders, engineering organizations, and other internal and external stakeholders. Act as the primary responsible party for system audits, assessment, and authorization activities.
• Develop and deliver regular updates to the company leadership on the information security posture, incidents, compliance, and strategic direction.

• 10+ years of progressive experience with implementation of RMF, CMMC, ISO 27K, and related cybersecurity frameworks, as well as ICD and CNSS standards; Expert-level knowledge of the NIST RMF framework, including NIST SP 800-53 and related NIST SP 800 series standards, and their implementation by the US Federal Government civilian and DOD agencies
• 5+ years of cybersecurity management experience in the ISSO / ISSM roles, including developing, maintaining, and enforcing information system security policies and system security plans, performing system audits, and facilitating assessment and authorization activities
• Working knowledge of key information technology concepts, platforms, and technologies, including Microsoft Windows and/or Linux operating systems, and system virtualization (multiple hypervisors) in a secure network environment, TCP/IP networking protocols and services, and related security technologies and applicable security benchmarks (e.g., DISA Security Technical Implementation Guide (STIGs)
• Working knowledge of information key security concepts, such as encryption, Public Key Infrastructure (PKI), and related
• Working knowledge of and hands-on experience with compliance scanning tools (e.g. SCAP), vulnerability scanning tools (e.g. ACAS), eMASS
• Excellent written and verbal communication and presentation skills.
• Ability to work in a cross-functional team environment and adapt to changes

• Bachelor's Degree (and 10+ years of experience) or Masters Degree (and 7+ years of experience) in Information Security, Information Technology, Computer Science, or related field
• CISSP certification or equivalent

• A competitive salary
• Medical, dental, vision, life, and disability insurance
• Paid time off
• Tuition reimbursement
• 401k Retirement Plan
• Military Reserve pay offset
• Paid maternity leave

• Exposure to computer screens for an extended period of time.
• Sitting for extended periods of time.
• Reach by extending hands or arms in any direction.
• Have finger dexterity in order to manipulate objects with fingers rather than whole hands or arms, for example, using a keyboard.
• Listen to and understand information and ideas presented through spoken words and sentences.
• Communicate information and ideas in speaking so others will understand.
• Read and understand information and ideas presented in writing.
• Apply general rules to specific problems to produce answers that make sense.
• Identify and understand the speech of another person.