Cyber Information Security Officer (CISO)

Cyber Information Security Officer (CISO)

Seize your opportunity to make a personal impact as a Cyber Information Security Officer supporting National Nuclear Security Administration (NNSA). GDIT is your place to make meaningful contributions to challenging projects and grow a rewarding career.

At GDIT, people are our differentiator. As a Cyber Information Security Officer, you will help ensure today is safe and tomorrow is smarter. Our work depends on Cyber Information Security Officer joining our team where they will be responsible for managing a broad range of complex cyber operations and risk management activities. This is a technical position and requires deep and current practical experience in the subject area.

HOW A CISO WILL MAKE AN IMPACT

• Serve as the primary cyber security lead for PARTNER LLC, ensuring risk-balanced security measures are integrated into IT projects and activities 

• Maintain an understanding of current and emerging cyber threats at all times and make recommendations for mitigation to the CIO 

• Lead the development, ongoing improvement, and maintenance of the PARTNER LLC cyber security architecture

• Work in partnership with other Information Systems & Security (IS&S) managers in the development, implementation, and operation of a Security Operations Center (SOC)

• Maintain timely and effective communication with stakeholders to resolve cyber security issues (to include development and maintenance of employee cyber security training)

• Propose and provide input into IS&S architecture efforts that can be implemented to enhance detection, analysis, containment, and response 

• Manage compliance activities to support the contractor assurance program (i.e., patching and mitigation actions to resolve vulnerability scans)

• Establish cyber metrics to gauge program effectiveness and perform internal audits and assessments

• Establish policies and procedures to ensure appropriate cyber controls and monitoring are in place to ensure the confidentiality, integrity, and availability of PARTNER LLC and NNSA information

• Maintain security log infrastructure to monitor, analyze, and respond to log anomalies. Conduct packet capture analysis and ensure the logging infrastructure is monitored for risk to PARTNER LLC and NNSA information.  

• Manage intrusion detection/prevention systems, maintain continuous monitoring systems, and provide timely network traffic analysis

• Support the CIO and other cyber security personnel to ensure implementation of the cyber security program remains in compliance with DOE/NNSA and NIST requirements

• Establish and maintain a strong external network of cyber contacts to ensure threat information and best practices are incorporated into the PARTNER LLC cyber security program

• Work cooperatively with external organizations, as appropriate, to help improve the PARTNER LLC cyber program and security capabilities

• Plan, prepare, and devise work plans that ensure cyber efforts are conducted within approved budget and schedule parameters while implementing IS&S project management processes

• Monitor performance, ensure performance standards remain high, and document that risk management goals are accomplished

• Maintain a strong understanding of mission needs and use cases so that risk management and cyber operations activities effectively support the PARTNER LLC mission and program direction while managing risk in a balanced manner

• Leads communications efforts with the NNSA Production Office (NPO) federal customer on matters pertaining to cyber security and incident response

• Lead PARTNER LLC responsibility for coordination of external cyber security audits and assessments

• Ensures all PARTNER LLC systems have an approved Authority to Operate (ATO) from NPO

• Knowledge of emerging industry and government requirements including (e.g., Zero Trust Architecture, Quantum Resilient Crypto Transition, Cloud Security, Secure Software Supply Chain)

• Experience with Zero Trust Architecture such as Identity, Devices, Network, Apps & Workloads, Data, Visibility & Analytics, and Automation & Orchestration; Including knowledge of OMB, CISA, and NIST guidance on ZTA. 

• Experience with implementing cybersecurity technologies such as IDAM, XDR, SIEM, SOAR, ASM, CSPM and more

• Knowledge of classified environments policies and procedures such as DoD, DISA, and National Security System policies and guidance

WHAT YOU’LL NEED TO SUCCEED:

• Education: Bachelor's degree required, advanced degree in information technology, engineering, or related field preferred

• Required Experience: Minimum 12 years of relevant experience, including 8 years of management experience

• Required Technical Skills: Must possess one of the following certifications (or equivalent): CISSP, CPT, CHFI, or CCNP

• Security Clearance Level: Q clearance preferred. Top Secret acceptable.

• Required Skills and Abilities:

  ·                     Extensive experience with intrusion detection/prevention, log management and analysis, event monitoring and incident response.  

  ·                     Extensive experience with network security.  

  ·                     Extensive experience with vulnerability scanning and mitigation. 

  ·                     Experience with establishing and maturing enterprise risk management frameworks including expertise with RMF, Authorization to Operate (ATO) and Security Control Assessment (SCA) processes. 

  ·                     Experience leading self-assessments and supporting external audit activities 

  ·                     Ability to work semi-autonomously, strong decision making, time management, and customer service skills. 

  ·                     Familiarity with current application models, data analytics, cloud services, and mobility.  

  ·                     Familiarity with SIEM tools, next generation firewalls, and behavioral analytics 

  ·                     Strong written and oral communication skills. 

  ·                     Ability to be on-site, at Pantex, Monday-Friday during core business hours to support operational and management activities for cyber security. 

  ·                     Job may require on call support in the event of an operational or cyber security incident. 

  ·                     Ability to travel (expected to be no more than 10 weeks per year) to off-site locations to support DOE/NNSA mission requirements.  

  ·                     Specific knowledge of Federal cyber security and risk management requirements with an emphasis on NIST Special Publications (i.e., 800-53) Preferred Job Requirements.  

  ·                     Experience in coordinating sophisticated incident response from attacks by Advanced Persistent Threat (APT) actors.  

  ·                     Familiarity with DOE Cyber Security program and requirements. 

  ·                     Familiarity with the security development lifecycle for custom software. 

  ·                     Familiarity with supporting and enabling the DOE/NNSA mission.  

  ·                     Familiarity with business process re-engineering to include Six Sigma and/or Lean techniques. 

  ·                     Familiarity with implementing Governance, Risk, and Compliance (GRC) systems. 

• Preferred Skills: PMP certification desired but not required​

• Location: Pantex Site (near Amarillo, TX)

• US Citizenship Required

GDIT IS YOUR PLACE:

• 401K with company match

• Comprehensive health and wellness packages

• Internal mobility team dedicated to helping you own your career

• Professional growth opportunities including paid education and certifications

• Cutting-edge technology you can learn from

#gditcareers #ciso #nnsa #doe