Sr Principal Business Information Security Officer

Magellan Health
Posted: 129d
Salary: $127,295 - $229,105

About The Position

This is a 100% remote position that will lead cybersecurity compliance efforts, ensuring adherence to federal regulations and contracts. The ideal candidate brings deep experience in federal cybersecurity frameworks, stakeholder engagement, and information security leadership.

Requirements

  • 12+ years of IT experience required.
  • Minimum of 10 years of experience in Information Security.
  • Experience leading an organization's achievement of FAR/DFARS and FedRAMP compliance.
  • Strong knowledge of NIST 800-53, NIST 800-171, FAR/DFARS, CMMC, and FedRAMP.
  • Strong communication and documentation skills, including briefing senior leadership and government stakeholders.
  • Ability to translate regulatory requirements into actionable security controls and program strategies.
  • Experience with NIST 800-37 Risk Management Framework (RMF).
  • Possess at least one of the following certifications: CISM, CISA, CISSP, CGRC, CCP, CCA.
  • Previous ISSO or BISO experience.
  • Experience with HIPAA, HITRUST, and SOC 2 compliance.
  • Demonstrated knowledge and experience in risk assessment and management, threat and vulnerability management, incident response, and identity & access management.
  • Understand network protocols and packet analysis tools such as TCPDUMP and Wireshark.
  • Knowledge of and experience with security-related systems and applications, firewalls, load balancers, intrusion detection/prevention, and web content filtering.
  • Ability to work with multi-discipline teams and cross-functional management.
  • Excellent verbal and written communication skills with the ability to collaborate effectively with other groups.
  • Possesses a mastery of the use of information security tools and techniques.
  • Has strong leadership, communication, and negotiation skills.

Nice To Haves

  • CEH-Certified Ethical Hacker
  • CISSP - Certified Information Systems Security Professional
  • GISP-GIAC Information Security Professional
  • GSEC-SANS GIAC Security Essentials
  • Network+
  • Security+

Responsibilities

  • Lead GRC initiatives supporting federal contracts.
  • Ensure compliance with federal cybersecurity frameworks including NIST 800-53, NIST 800-171, FAR/DFARS.
  • Lead CMMC certification and/or FedRAMP authorization.
  • Maintain organization information in the Supplier Performance Risk System (SPRS).
  • Develop and maintain System Security Plans (SSPs), POA&Ms, and Authority to Operate (ATO) packages as needed.
  • Conduct gap analyses and security control assessments to ensure continuous compliance and readiness for external assessments.
  • Support federal contractor information systems and ensure alignment with contract-specific security requirements.
  • Collaborate with program managers, technical teams, and external clients to implement security controls to mitigate risks.
  • Serve as a liaison with federal clients and third-party assessors.
  • Lead the design, development, and maintenance of the security environment and architecture to ensure the assets are protected.
  • Lead incident response activities, ensuring security incidents are properly contained, eradicated, and recovered from.
  • Drive development of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification and destruction.
  • Ensure proper security logs are generated and sent to the organization’s Security Information and Event Management (SIEM) system.
  • Research and implement emerging technologies to enhance the security portfolio.
  • Continuously evaluate adherence to defined policies and standards.
  • Lead efforts with identifying, remediating, and/or mitigating vulnerabilities in the environment.
  • Monitor and ensure systems revisions and patches are up to date.
  • Build cross-functional team unity by helping other Magellan team members understand security risks and their impact on all corporate solutions.
  • Perform forensic analysis and risk assessments for the entire environment.
  • Design and manage enterprise high-availability solutions spanning multiple operating systems.

Benefits

  • Comprehensive benefits package including health, life, and voluntary benefits.
  • Short-term incentives.
  • Professional growth and development opportunities.
  • Total health and wellness programs.
  • Rewards and recognition programs.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Bachelor's degree

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc