Risk Management Lead
Data Intelligence Technologies
- Springfield, VA
The Risk Management Lead provides leadership on the program to develop, modernize, and enhance information assurance capabilities to protect and defend NGA’s IS. The Risk Management Lead will report to the Division Chief for Risk Management (TESR).
- Provide leadership, guidance and training to a diverse team of security administrators, analysts, and IT professionals.
- Review, implement, update and document NGA-wide information security policies and procedures.
- Advise Risk Management and Cybersecurity Office leadership on NGA’s cybersecurity status.
- Manage security audits and vulnerability and threat assessments, and direct responses to network or system intrusions.
- Ensure fulfillment of information security mandates, including providing leadership with compliance reports and audit findings.
- Keep abreast of industry security trends and developments, as well as applicable government regulations.
- Research, evaluate, and recommend new security tools, techniques, and technologies and introduce them to the enterprise in alignment with IT security strategy.
- Create and execute strategies to improve the reliability and security of IT projects.
- Respond immediately to security-related incidents and provide a thorough post-event analysis.
- Active TS/SCI clearance
- Demonstrated leadership experience serving as an information security manager or information assurance/engineering team lead for a minimum of five (5) years.
- Demonstrated experience presenting briefings to senior customer management and customer stakeholders.
- Possesses an advanced security DODD 8570 certification, e.g., CISM, CISSP, CND, CSA, Security+
- Demonstrated leadership experience with RMF and accreditation processes (e.g., NIST 800-53, ICD 503).
- Demonstrated hands-on experience with accreditation tools (e.g., Xacta, Nessus, AppDetective, WebInspect).
- Bachelor’s degree, or higher, in computer engineering, computer science, IS or cybersecurity-related discipline, or equivalent six (6) years’ experience in information assurance or systems and network security.
- A cloud-based industry security certification (e.g. CCSP, Microsoft Azure Security Engineer).
- Experience securing infrastructure solutions and applications deployed in public and/or community cloud environments.
- Experience implementing secure DevOps methodologies.
- Experience integrating AWS with DevSecOps teams.
- In-depth knowledge/expertise with one or more of the following tools: ArcSight, Continuum, Fortify, Tenable Security Center, Nessus; other Security Information and Event Management (SIEM) tools; antivirus such as Sophos and McAfee.
Wednesday, April 21, 2021