Information Security Manager 3 (70126090)

LMG Technology Services•Austin, TX

14h•Remote

About The Position

This role focuses on managing and improving the agency's vulnerability remediation processes. The Information Security Manager will be responsible for establishing and maintaining a vulnerability baseline, classifying and prioritizing vulnerabilities based on risk, and coordinating remediation efforts with various system owners. The position involves tracking progress, producing reports, validating remediation actions, and identifying areas for program improvement. The goal is to ensure that vulnerabilities are addressed effectively and in alignment with NIST guidance and agency policies.

Requirements

8 Required Years of Experience in Vulnerability Inventory and Baseline Establishment
8 Required Years of Experience in Risk Classification and Prioritization
8 Required Years of Experience in tracking vulnerability remediation
8 Required Years of Experience in producing status reports
8 Required Years of Experience in validating remediation actions through available evidence, including vulnerability scan results

Responsibilities

Review existing vulnerability data from scans, assessments, and security tools.
Establish and maintain a consolidated vulnerability baseline.
Develop and document a remediation timeline for all identified vulnerabilities.
Categorize and prioritize vulnerabilities based on risk, severity, exploitability, and potential impact.
Align vulnerability classification and prioritization with applicable NIST guidance.
Validate that remediation timeframes align with agency expectations for different risk levels.
Coordinate remediation activities with system, server, and application owners.
Communicate clear remediation expectations, risk context, and required timelines.
Track remediation progress and identify blockers, dependencies, or delays.
Escalate overdue, high risk, or critical vulnerabilities to appropriate agency governance or oversight bodies.
Maintain ongoing tracking of vulnerability remediation status.
Produce periodic status reports summarizing remediation progress.
Validate remediation actions through available evidence, including scan results or other artifacts.
Confirm closure of vulnerabilities in tracking systems once remediation is completed and validated.
Ensure vulnerabilities that cannot be remediated within required timeframes are formally documented with approved risk acceptance or exception.
Identify process gaps, systemic issues, or control weaknesses affecting vulnerability remediation effectiveness.
Provide recommendations for improving vulnerability remediation processes and accountability, aligned with NIST standards and agency governance requirements.