Information Systems Security Manager

Bethesda, MD posted on November 23


NET ESOLUTIONS CORPORATION (NETE) is a multi-award-winning company founded in 1999. NETE is a full-service Information Technology (IT) company dedicated to providing value-focused services to the Federal Government and the Biomedical Research and Health IT Sector. NETE offers a collaborative working environment where growth is encouraged and nurtured. In addition, we offer competitive salaries that may include performance bonuses and a comprehensive benefits package.

 

Job Description

NETE is seeking a detail-oriented Information Systems Security Manager with advanced analytical skills to join our great team. If you want to learn and grow, then this is the job for you. This position offers a great opportunity to support extramural scientific research from an Information Technology (IT) perspective.


Responsibilities:

  • Recommend, support and maintain a security document management solution for a Security Assessment and Authorization program to include FIPS 199, Privacy Impact Analysis, System Security Plans, Security Assessment Plan, Security Assessment Report, Contingency Plan Table Top Test Report, Plan of Action and Milestones (POA&M) management, Risk Assessment and Waiver management documentation and other supporting documents as required for system accreditations.
  • Provide policy, security engineering and technical advice to the Information System Security Officer, system designers and operations staff.
  • Evaluate current operations and development processes, identify and assist in the creation of internal policies, procedures and standard security controls such as incident handling procedures, web application security standards, security program compliance and audit procedures, change management and configuration management procedures and communication of security issues via email, web pages, etc.
  • Analyze and recommend tools to automate security, audit, compliance and configuration processes to meet NIST SP 800-53 requirements and reduce the burden of operational security processes and/or assist in the integration of tools selected by NIH/NIGMS.
  • Develop training for IT staff covering implementation of new policy or procedures, new security program initiatives, etc.
  • Assess and recommend process improvements to ensure all operational and application system changes undergo a security impact assessment.
  • Guide the proper implementation of security tools.
  • Perform periodic evaluation of effectiveness of security standards, procedures and practices. Assist in the development of metrics appropriate to measure the compliance and state of security posture (CDM, Operations effectiveness, security standards effectiveness in development) and effectiveness of audit, assessment and documentation implementation and compliance to determine the overall effectiveness of SA&A and security integration into SDLC and development.
  • Evaluate, recommend and implement improvements to the NIGMS Information Security program resulting in a cost-effective, efficient, compliant program.
  • Apply Project Management techniques to plan, track and implement security program recommendations.
  • Develop a Security InfoSec Handbook documenting the security program processes.
  • Provide technical security expertise in planning, coordinating, preparing and executing Security Assessment and Authorization per NIST Risk Management Framework and NIH 4-tiered risk assessment program.

Qualifications:

 

  • BA or BS degree in Computer Science/Security or related discipline. Preferred experience in policy and procedure development, report writing and presentations.
  • Minimum 5 years’ experience in Information Security is required along with minimum of 3 years of hands-on experience in at least 3 of the following:
  • Conducting System Assessment and Authorization (SA&A) activities
  • Coordinating, validating, and/or managing of all-source collection requirements
  • Identifying threats and vulnerabilities
  • Briefing threat related current situations
  • Conducting in-depth research and analysis (structured/gap/nodal) on threats and intelligence
  • Serving as a technical expert and liaison to explain incident details
  • Must be able to communicate complex technical issues in simple terms and clearly, both orally and in writing, to a wide audience; strong interpersonal skills and the ability to work as part of a team.
  • Must be able to exercise discretion and maintain confidentiality.
  • Proficient in reporting and answering analytical questions using vulnerability data.

 

Benefits
  • Paid Time Off (PTO)
  • 9 Paid Federal holidays
  • Various wellness programs
  • Free parking at corporate offices
  • Employee Referral Bonus Program (ERBP)
  • Vision coverage through UHC national network
  • Dental coverage through UHC national network
  • 401(K) with significant company match & no vesting period
  • Short and Long-Term Disability coverage (paid by company)
  • Competitive salaries with opportunity for performance bonuses
  • Discount plan for pet care, legal services, & identity theft protection
  • Basic Life and AD&D coverage (paid by company; option to purchase additional coverage)
  • Medical coverage through UHC national network (option to choose between 3 available plans)
  • Flexible Spending Accounts:
    • Healthcare (FSA)
    • Parking Reimbursement Account (PRK)
    • Dependent Care Assistance Program (DCAP)
    • Transportation Reimbursement Account (TRN)
 

NETE is a multi-award-winning company that offers a collaborative working environment where growth is encouraged and nurtured. In addition, we offer competitive salaries that may include performance bonuses and a comprehensive benefits package.

NETE uses E-Verify to validate all new hires' ability to legally work in the United States.

Disclaimer: The above description is intended to describe the general nature of work and level of effort being performed by individuals assigned to this position or job description. This is not to be construed as a complete or exhaustive list of all skills, responsibilities, duties, and/or assignments required. Individuals may be required to perform duties outside of their position, job description, or responsibilities as needed.


Wage

DOE

Experience

Any

Type

Full-time