Location: Hybrid - Northern Virginia or Houston, Texas
MISSION OF THE POSITION
The Information Security Specialist is responsible for helping develop and implement the OWT information security program following US Government policies (i.e. NIST 800-171, CMMC, RMF, IA Pre, etc.) as directed by the CISO. The program includes procedures and policies designed to protect government and enterprise communications systems and assets from internal and external threats. The Information Security Assistant will work closely with the CISO to ensure policies are properly implemented and will conduct internal audits at least once per year. The Information Security Assistant will maintain regulatory reporting for any Information System breach and will respond to data breaches and other security incidents. They will anticipate, assess, and actively manage new and emerging threats. The Information Security Assistant will work with managers and employees across all departments to implement tactics to mitigate security threats to organizational mission and goals.
In partnership with the Facility Security Officer, implement security policies and procedures to meet US Government requirements and commercial best practices.
Assist with developing an information security management framework.
Lead Security Incident Response, Third Party Information Security Assessment, Data Protection and Encryption, Identity and Access Management, and Privileged User Access to protect customer and employee data.
Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems, and services.
Establish appropriate vendor requirements to support policy requirements.
Work directly with business units to facilitate risk assessment and risk management processes.
Partner with business stakeholders across the company to raise awareness of risk management concerns.
Assist with overall business technology planning, providing current knowledge and a future vision of technology and systems.
Develop Cyber Security awareness and training, conducting new employee onboarding awareness and annual companywide training.
Deliver ad hoc security updates as appropriate.
Travel expected to be less than 10%.
EDUCATION AND KNOWLEDGE
Bachelor’s degree in electrical or telecommunications engineering or computer science.
Hold a key Industry certification in Information Security (e.g., CISSP, CISM, CISA, etc.).
Knowledge of DoD and Federal policy and regulations.
A demonstrated knowledge of information security standards (e.g., NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA) and other security standards and policies.
5+ years of experience in Information/Cybersecurity in a public or large private technology company with a global customer base.
Demonstrated experience representing an organization’s information security program in presentations and discussions with customers, partners, and other external parties.
Well-versed in the rapidly evolving threat landscape with a strategic mindset to mitigate threats.
Excellent communication skills with an ability to build strong narratives to highlight the importance of security to employees internally and customers/shareholders externally, including both technical and non-technical audiences; ability to balance “business value” vs. “security risk”.
Strong organizational skills and attention to detail.
Ability to generate professional, well-organized, high-quality schematics and system drawings, as well as design documentation and requirements specifications.
Must be a self-motivated, dynamic, creative team player.
Strong analytical and problem-solving skills.
Ability to prioritize tasks and to seek assistance when appropriate.
Ability to act with integrity, professionalism, and confidentiality.
Ability to work independently and collaboratively in a team environment.