Corporate Business Information Security Officer

About The Position

Requirements

• University degree in the field of information services or business administration.
• 10 years experience involved in or managing an IS and/or information security operation.
• 15 years experience working in the IS industry.
• Proven experience in planning, organizing and developing information security system technologies.
• Experience in planning and executing information security policies and standards development.
• Excellent knowledge of technology environments, including information security, building security and defense solutions.
• Considerable knowledge of business theory, business processes, management, budgeting and business office operations.
• Detailed knowledge of technology efforts regarding IS internal controls, risk management, information security, legal, contractual and litigation concerns, especially as they relate to current Federal Rules of Civil Procedure (FRCP) regarding electronically stored data and e-discovery.
• Substantial exposure and broad understanding of hardware platforms, enterprise software applications and outsourced systems preferred including: Palo Alto & Cisco (routers, switching, VPN and firewalls), Microsoft (CoPilot AI, Defender for Cloud, O365, AD/Entra and Azure), Oracle (OS, database, Fusion and PeopleSoft), Absolute Software, Rapid 7, IBM Guardium, SailPoint, ProofPoint, ZeroFox, SalesForce.com, SentinelOne & Microsoft Defender Endpoint Protection, SecureWorks/Sophos Taegis, Horizon3.AI
• Good understanding of computer systems characteristics, features and integration capabilities.
• Experience with systems design and development from business requirements analysis through to day-to-day management including e-discovery practices and procedures and forensic methodologies.
• Excellent understanding of project management principles.
• Experience with NIST/DFARS or ISO 27001 related activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements.
• Superior understanding of the organization’s goals and objectives.
• Experience working with cross-departmental teams to design, develop and implement NIST/DFARS 800-171 compliant solutions that meet current and future business requirements and enhance and optimize the existing security architecture.
• Ability to provide coaching and mentoring to team members in the areas of technical skills & competencies.
• Understanding of IS methodologies such as Agile, SDLC, ITIL, PMLC and QA/Test.
• Demonstrated ability to apply IS in solving information security problems.
• In-depth knowledge of applicable laws and regulations as they relate to information security.
• Proven leadership ability.
• Ability to set and manage priorities judiciously and independently.
• Excellent written and oral communication skills.
• Excellent interpersonal skills.
• Lead with optimism.
• Ability to remain calm during stressful situations.
• Ability to be flexible.
• Ability to adapt to changing situations.
• Strong negotiating skills.
• Ability to present ideas in business-friendly and user-friendly language.
• Exceptionally self-motivated and directed.
• Keen attention to detail.
• Superior analytical, evaluative and problem-solving abilities.
• Exceptional service orientation.
• Ability to motivate in a team-oriented, collaborative environment.

Nice To Haves

• Masters degree in information services or business administration.
• Certifications such as CISSP, CISM, ITIL v3+ and other information security-related preferred but not required.

Responsibilities

• Evaluate current state of information security for Allegis Group domestically and globally to include other federated environments and provide a regular executive summary for leadership as well as make recommendations for future state to elevate status, if necessary, to a best practices state.
• Participate as a member of the senior leadership team in governance processes of the organization’s information security strategies.
• In concert with company affiliates define and communicate corporate plans, procedures, policies and standards for the organization for acquiring, implementing and operating new information security systems, equipment, software and other technologies. Recommend and implement changes in information security policies and practices in accordance with changes in local, federal or international regulation.
• In concert with company affiliates lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment and management of current and future security technologies.
• Develop and communicate security strategies and plans to executive team, staff, partners, customers and stakeholders.
• Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits and enhancements.
• Develop, implement, maintain and oversee enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.
• Assess and communicate information security risks associated with acquisitions performed by Allegis Group.
• Remain informed on trends and issues in the information security industry, including current and emerging technologies. Advise, counsel and educate executive and leadership teams on their relative importance and financial impact.
• Assist OpCo BISOs and Information Security Analysts (ISAs) with decisions related to low-risk variances to information security standard baselines. Authority to recommend decisions on all moderate and high-risk variations to the CISO.
• Review all training related materials regarding information security to evaluate in terms of best practices for both internal and contract employees.
• Act as advocate and primary liaison for Allegis Group’s information security vision via regular written and in-person communications with executives, leadership and end users.
• Work closely with ACS IS on corporate technology development to fully secure information, computer, network and processing systems.
• Work closely with other BISOs and ISAs to foster security using the Confidentiality, Integrity, and Availability (CIA) triad guide policies for information security within the organization.
• Be cognizant of the administration of all information security systems and their corresponding or associated software such as perimeter devices including firewalls and intrusion detection systems as well as end-point solutions including encryption, anti-virus and data loss prevention (DLP).
• Work with ACS Real Estate to understand the administration of the facility’s security systems and their corresponding equipment or software.
• Develop, track and control any associated Allegis Group information security services spend (annual operating and capital budgets) for purchasing, staffing and operations.
• Review, educate and enforce information security policies.
• Coordinate associated activities with Consultant/Contractor end of assignment/de-provisioning project solutions.
• Coordinate efforts regarding francization & Canadian as well as other international modifications to standard data security training.
• Assist in a tracking effort solution regarding a semi-automated data security training audit.
• Participate in and ensure scope is accurate for all solutions deployed by Allegis Group, ACS or its affiliates that the solutions are effective such as secure file transfer, ISO 27001 certification and information security training for certain contractors and internal employees.
• Work with the ACS Information Security Office to include all company’s BISOs and ISAs to formalize a collaborative process for ACS’ Incident Security Response Team.
• Participate in contract review/negotiations on information security with ACS departments to include its affiliates. Provide training and guidance in conjunction with the ACS legal department on these topics periodically.
• Support acquisition due diligence for information security risks and support control design for integration.
• Ensure that facilities, premises and equipment of the corporate headquarters as well as local and global remote offices adhere to all applicable laws and regulations.
• In conjunction with ACS IS, provide resolution to information security problems in a cost-effective manner.
• Collaborate with the ACS Information Security Office leadership and human resources to establish and maintain a system for ensuring that security and privacy policies are met.
• Promote and oversee strategic security relationships between internal resources and external entities including government, vendors and partner organizations.
• Where necessary, supervise recruitment, development, retention and organization of security staff in accordance with specific OpCo budgetary objectives and personnel policies.
• Assist in team development while holding teams accountable for their commitments, removing roadblocks to their work; leveraging organizational resources to improve capacity for project work; and mentoring team members.
• Promote empowerment of the team, ensure that each team member is fully engaged in the project and making a meaningful contribution, and encourage a sustainable pace with high levels of quality for the team.
• Management responsibility for various teams including hiring, leadership, development and accountability for performance.
• Understanding how to communicate and engage with highly technical knowledge workers. Able to challenge analysts and architects thought processes to drive them to great solutions.
• Provide leadership and guidance to coach, motivate, and lead team members and organizations to their optimum performance.
• Drive team to consistently improve cycle time and speed to market. Ensure information flows in teams as appropriate to facilitate workflow, reduce cycle time and deliver high quality solutions.
• Developing and nurturing the team (hiring, training, growth plans, evaluations, continuous feedback).
• Effectively and efficiently lead a decentralized team.
• Own operational support activities including incident, request, change, and problem management.
• Develop a cohesive team through collaboration and motivation.
• Set clear expectations by promoting and encouraging transparency for each team member.
• Building and maintaining staffing and/or technology vendor relationships.
• Support the creation of ACS project, resource, and operational budgets and assist OpCos with the same.
• Establish operational/team objectives and goals.
• Evaluate conceptual aspects of technical designs of Information Security applications, systems and solutions to ensure sound decisions and investments are made in accordance with application architecture governance policies and standards.

Benefits

• Medical, dental & vision
• Hospital plans
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Company paid Basic Life and AD&D as well as voluntary Life & AD&D for the employee and dependents)
• Company paid Short and long-term disability
• Health & Dependent Care Spending Accounts (HSA & DCFSA)
• Transportation benefits
• Employee Assistance Program
• Tuition Assistance
• Time Off/Leave (PTO, Allegis Group Paid Family Leave, Parental Leave)