InfoSec Manager

About The Position

Requirements

• At least 10 years of progressive IT security experience, with a minimum of 3-5 years in a leadership or management role supervising teams.
• Understanding of Security Operations architectures (SIEM, Firewall, IDS/IPS, Vulnerability Scanning) and Incident Response lifecycles.
• Experience coordinating and overseeing the implementation of security projects.
• Ability to manage diverse teams, prioritize conflicting demands, and drive performance towards meeting SLA/contractual requirements.
• Excellent oral and written communication skills, with the ability to translate complex technical issues into business risks for senior management and government stakeholders.
• Bachelor’s degree required, Master’s degree preferred and a minimum of 10 years of progressive IT experience or equivalent experience.

Nice To Haves

• Familiarity with enterprise tools such as Splunk, Nessus, CSAM, and Patch Management systems is a plus
• Knowledge of risk management framework pertaining to IT Security a plus
• Knowledge of general management and auditing techniques for identifying problems, gathering and analyzing pertinent information, forming conclusions, developing solutions and implementing plans consistent with management goals.
• One industry-recognized project management certification such as: Agile Certified Practitioner (ACP) or Project Management Professional (PMP) a plus
• ITIL Foundations Certification a plus
• Certifications relating to IT Security (CISSP, GIAC, Security+) a plus

Responsibilities

• Provide day-to-day leadership, mentorship, and resource management for the SecOps and Compliance teams.
• Act as the primary liaison between the technical teams and the AOTO Information Security Officer (ISO) and Government Leads.
• Develop and execute strategic security plans that align technical capabilities (SIEM, Firewalls) with policy requirements (NIST 800-53, JISF).
• Synthesize data from Security Operations and Compliance activities to provide executive-level reporting on the organization's risk posture, security trends, and program health.
• Oversee the 24/7/365 efficacy of security tools and operational activities, including Incident Response (IR), Intrusion Detection/Prevention, and SIEM management (Splunk).
• Ensure timely triage, investigation, and remediation of security events, serving as the escalation point for critical incidents.
• Direct the Vulnerability Management program, ensuring scans are conducted, analyzed, and remediation efforts are coordinated effectively across cross-functional IT teams.
• Manage the implementation and maintenance of security infrastructure (Next-Gen Firewalls, Endpoint Protection, Web Gateways).
• Supervise the full lifecycle of Assessment & Authorization (A&A) activities, ensuring systems maintain Authority to Operate (ATO) in accordance with the Judiciary Information Security Framework (JISF) and NIST RMF.
• Oversee the development and maintenance of System Security Plans (SSPs), POA&Ms, and other critical security documentation in the CSAM tool.
• Ensure that new and existing systems integrate security controls early in the SDLC (Security by Design) and meet auditing requirements.
• Review and approve policy updates, Standard Operating Procedures (SOPs), and Concept of Operations (CONOPS) documents.
• Manage the IT Security Awareness Training and Phishing Simulation program, ensuring continuous improvement and high user engagement.
• Collaborate with AOTO project managers and system owners to ensure security resources are appropriately allocated to ongoing projects.
• Maintain awareness of emerging threat intelligence and regulatory changes to proactively adapt the program’s defense and compliance strategies.

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year.
• Paid leave and paid holidays are prorated based on the employee’s date of hire.
• The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.