Lead ISSO

Arcfield
Colorado Springs, CO
Onsite

About The Position

We are seeking an experienced and driven Lead Information Systems Security Officer (ISSO) to guide and oversee the design, implementation, and continuous improvement of our USSF customer's information security program in CO Springs, CO. The Lead ISSO will serve as a critical point of contact for all security-related matters and be responsible for ensuring compliance with organizational, customer, and regulatory security requirements. In this leadership role, you will manage a team of cybersecurity professionals, lead security initiatives, oversee risk management, and act as a key advisor on security policies and processes. The ideal candidate will bring a proactive approach to cyber defense, a deep understanding of compliance frameworks, and the ability to lead teams in creating a secure IT environment.

Requirements

  • Bachelor’s degree (8-10 years' experience), Master's degree (6-8 years' experience), or PhD (3-5 years' experience) in Computer Science, Information Security, Cybersecurity, or a related discipline (or equivalent work experience).
  • 7+ years of experience in cybersecurity or system security-related roles.
  • 3+ years of experience in leadership, mentoring, or team management roles in a security-focused environment.
  • Proven hands-on experience with security operations, policies, and frameworks.
  • Must possess and maintain an ACTIVE TS/SCI CLEARANCE.
  • Strong knowledge of cybersecurity frameworks and standards, such as NIST Risk Management Framework (RMF), FISMA, ISO 27001/27002, and GDPR.
  • Thorough understanding of operating systems security (Windows, Linux, and Unix), network protocols, and security tools such as firewalls, VPNs, IDS/IPS, and endpoint protection.
  • Experience using vulnerability scanning tools such as Nessus, Qualys, or Rapid7, and security information and event management (SIEM) tools like Splunk or LogRhythm.
  • Demonstrated experience implementing and managing risk management processes, including vulnerability and threat assessments, risk remediation planning, and reporting to leadership teams.
  • Proven success in preparing for and passing third-party IT audits or certifications (e.g., FISMA audits, SOC 2 audits).
  • Solid understanding of authentication mechanisms (Active Directory, SSO, MFA), encryption standards (TLS, AES), and secure data management principles.
  • Proven leadership experience managing teams of cybersecurity professionals and fostering collaboration across departments.
  • Ability to work cross-functionally to influence security decisions and communicate complex technical issues to non-technical stakeholders.
  • Strong ability to evaluate risks and vulnerabilities, mitigate threats, and respond to incidents with urgency and precision.
  • Analytical skills to correlate security events and identify potential sources or anomalies.

Nice To Haves

  • Scripting and automation experience with languages like Python, PowerShell, or Bash is preferred.
  • Familiarity with cloud security best practices for platforms such as AWS, Microsoft Azure, or Google Cloud Platform.
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • GIAC Security Essentials (GSEC)
  • AWS Security Specialty
  • CRISC (Certified in Risk and Information Systems Control)
  • Knowledge and experience with zero-trust architecture principles.
  • Experience with DevSecOps and integrating security into CI/CD pipelines.
  • Familiarity with tools such as AWS Config, Azure Security Center, or Google Cloud Security Command Center.

Responsibilities

  • Manage and oversee a team of ISSOs, analysts, and engineers, ensuring alignment with organizational security goals and regulatory compliance requirements.
  • Provide mentorship, training, and guidance for developing team members' skills and expertise.
  • Assign and prioritize security-related tasks and initiatives to the team, and monitor progress to ensure objectives are met on time and within budget.
  • Drive the implementation of best practices for system security, and manage the continual improvement of organizational cybersecurity posture.
  • Serve as the primary subject matter expert (SME) on security policies, frameworks, and any applicable standards, such as NIST 800-53, RMF, FISMA, ISO 27001, HIPAA, or GDPR.
  • Develop, implement, and maintain System Security Plans (SSPs) and other security documentation in accordance with relevant compliance frameworks.
  • Lead periodic risk assessments and vulnerability assessments, identifying gaps, and ensuring remediation of findings.
  • Manage the certification and accreditation (C&A) process, as well as other security control assessments required by governing bodies.
  • Regularly conduct security audits and reviews to ensure systems meet security requirements and there are no lapses in controls.
  • Monitor and assess security-related control systems, ensuring continuity, accountability, and compliance through all aspects of the System Development Life Cycle (SDLC).
  • Oversee system security measures, such as access control, intrusion detection and prevention systems (IDPS), firewalls, data encryption, and vulnerability scanning.
  • Manage the handling of security incidents and breaches, identifying root causes, documenting resolutions, and implementing preventative measures.
  • Monitor security logs and review system audit trails for anomalous behavior or potential indications of unauthorized access.
  • Maintain and enhance Incident Response and Business Continuity/Disaster Recovery (BCDR) frameworks.
  • Collaborate with system owners, administrators, and third-party vendors to address security concerns and integrate security into system design and implementation.
  • Provide security awareness training to employees, contractors, and third-party vendors to ensure compliance with security practices and organizational policies.
  • Act as the primary liaison with external auditors and regulatory agencies regarding organizational security audits and compliance reviews.
  • Draft, implement, and enforce security policies, standards, and procedures to protect organizational assets and data.
  • Create and maintain systems documentation and ensure that security controls and processes are documented in detail for audits and internal use.
  • Stay current with emerging cybersecurity threats, technologies, and regulations to recommend proactive solutions and ensure compliance with industry standards.

Benefits

  • Health Insurance
  • Life Insurance
  • Paid Time Off
  • Holiday Pay
  • Short Term and Long-Term Disability
  • Retirement and Savings
  • Learning and Development opportunities
  • Wellness programs