Lead Information System Security Officer

WME Needs Lead Information System Security Officer

 

Position:
Full-Time
Location: 
Remote
Start Date: 
June 1, 2023
Nationality:
Any

Windows Management Experts (WME) is looking for a Lead Information System Security Officer role. The Lead shall have functional knowledge in all areas of cybersecurity, but in particular, the federal cybersecurity guidance documents including OMB Memorandums, FISMA, and NIST Special Publications.

As a Lead Information System Security Officer, you will play a crucial role in safeguarding our client organization’s sensitive and confidential data from unauthorized access, use, disclosure, modification, or destruction. You will be responsible for leading the development and implementation of their information security program, ensuring that it meets the highest industry standards, complies with relevant regulations, and aligns with their business objectives and risk appetite.

You will lead a team of security professionals, including security analysts, engineers, and administrators, and work closely with executive leadership, business units, and IT teams to ensure that our security program is integrated into all aspects of our business operations. You will be a subject matter expert in security governance, risk management, and compliance, and provide thought leadership and guidance to the organization on security-related matters.

As a Lead Information System Security Officer, you will need to have a deep understanding of security technologies, threats, and trends, as well as excellent communication and interpersonal skills. You will need to be able to communicate complex security concepts to technical and non-technical audiences and establish and maintain effective relationships with stakeholders across the organization.

All in all, WME is looking for some exceptional communication and interpersonal skills in our new team member. The candidate’s toolbox must be diverse & complete. From being technically savvy to displaying a vigorous passion for learning beyond their traditional areas of expertise, the resource must prove to be an asset to the company.

Required Skills/Qualifications/Education:

  • Degree in Computer Science, Information Systems or related discipline from an accredited college or University required.
  • 10+ years’ IT Security experience, preferably in an ISSO or ISSM role.
  • Certification(s) in information technology security (e.g., CISSP or CISM).
  • Ability to implement information security requirements for IT systems through the Risk Management Framework(RMF)
  • Excellent written and verbal communication skills including the ability to communicate effectively with internal stakeholders.
  • Experience in developing and implementing security policies, procedures, and guidelines in compliance with industry best practices and regulatory requirements such as NIST, ISO, HIPAA, or PCI DSS.
  • Knowledge of network security protocols, such as TLS/SSL, IPSec, SSH, and VPN, and experience configuring and managing network security devices, such as firewalls, routers, and switches.
  • Strong understanding of cloud security architecture and experience securing cloud-based environments, such as AWS, Azure, or GCP.
  • Expertise in performing security risk assessments, vulnerability assessments, and penetration testing, and ability to analyze and report on security-related metrics and trends.
  • Familiarity with security incident response procedures and experience leading incident response teams in identifying, containing, and mitigating security incidents and breaches.
  • Knowledge of identity and access management (IAM) concepts and technologies, such as SSO, MFA, RBAC, and LDAP, and experience implementing and managing IAM solutions.
  • Ability to stay current with emerging security technologies, threats, and trends, and provide thought leadership and guidance to the organization on security-related matters.

Responsibilities of the Desired Lead Information System Security Officer:

  • Develop and maintain the organization’s information security strategy, including goals, objectives, and roadmap, in alignment with business objectives and risk appetite.
  • Lead the organization’s security governance, risk management, and compliance (GRC) efforts, including overseeing the implementation of security controls, risk assessments, and audits.
  • Develop and maintain the organization’s security policies, procedures, and standards, ensuring they are up to date, communicated effectively, and enforced consistently across the organization.
  • Establish and maintain relationships with key stakeholders across the organization, including executive leadership, business units, and IT teams, to ensure alignment and buy-in on security initiatives and priorities.
  • Lead the incident response team in responding to security incidents, including identifying, containing, investigating, and remediating incidents, and reporting them to relevant stakeholders.
  • Manage the security awareness and training program, including developing and delivering security awareness training to employees and contractors on a regular basis.
  • Monitor and analyze security-related data from various sources, including security devices, logs, and threat intelligence feeds, to identify potential security threats and take appropriate actions to mitigate them.
  • Lead the security architecture and engineering efforts, including designing and implementing security solutions and technologies that meet business requirements and comply with security standards and regulations.
  • Manage relationships with third-party security vendors, including conducting due diligence assessments, negotiating contracts, and overseeing the delivery of services.
  • Participate in security-related forums and conferences, stay up to date with emerging security technologies and trends, and provide thought leadership to the organization.
  • Develop and maintain security metrics and dashboards that report on the effectiveness of the security program and communicate security risks and trends to relevant stakeholders.
  • Continuously evaluate and improve the security program, including conducting regular security assessments and audits, identifying areas for improvement, and implementing changes to address gaps and risks.

Core Values:

  • Integrity (Doing What’s Right)
  • Inclusion (Encouraging Diversity)
  • Teamwork (Working Together)
  • Excellence (Being Your Best)
  • Accountability (Taking Personal Responsibility)

Disclaimer

All the qualified applicants will receive due consideration for employment without any regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Share:

Facebook
Twitter
LinkedIn

Apply for this Job

    You can opt out if you are not interested in updates about this job and related jobs.

    On Key

    More Posts

    Senior Security Consultant Required by WME

    Senior Security Consultant

      Position: Full-Time / Part-Time Location:  Remote Start Date:  ASAP Nationality: Any Windows Management Experts (WME) is looking for a Senior Security Consultant role for one of our valued partners. This position provides consultation and direction around Microsoft security solutions to meet strategic and tactical

    Read More »
    DNS Migration Architect

    DNS Migration Expert

    Location:       Remote Work Nationality:   ANY Position:        FULL-TIME Start Date:     ASAP Windows Management Experts (WME) is looking for a motivated & experienced DNS Migration Architect. This role would focus on designing the strategy and overall architecture for migrating DNS services

    Read More »
    Regulatory & Compliance Engineer

    Regulatory and Compliance Engineer

    Position: Full-Time Location:  Remote Start Date:  ASAP Nationality: Any Windows Management Experts (WME) is looking for a motivated and experienced Regulatory and compliance Engineer to join one of our client companies. As a Regulatory and compliance Engineer, your focus will be on tools and regulations

    Read More »
    Security Engineer-Architect

    Security Engineer/Architect

      Position: Full-Time Location:  Remote Start Date:  ASAP Nationality: Any Windows Management Experts (WME) is looking for a motivated and experienced Security Engineer/Architect Role to join one of our client companies. As a Security Engineer, your focus will be on solutions and tools like Microsoft

    Read More »
    Cloud Engineer-AWS and Azure

    Cloud Engineer – AWS and Azure

    Position:         Full-Time Location:        Remote Start Date:      ASAP Nationality:     ANY Windows Management Experts (WME) is looking for a Cloud Migration Engineer (AWS to Azure) role for one of our valued clients. The Cloud Migration Engineer

    Read More »

      You can opt out if you are not interested in updates about this job and related jobs.