Information System Security Manager (ISSM)

United States

Applications have closed

Title: Information Systems Security Manager (ISSM)

Location: Remote

Key Responsibilities:

Security Management:

  • Develop, implement, and manage a comprehensive information security program for the ACL cloud platform, ensuring compliance with federal and HHS-specific security policies and regulations.
  • Oversee the implementation and maintenance of security controls to protect sensitive data and cloud infrastructure.

Risk Management:

  • Conduct regular risk assessments to identify vulnerabilities, threats, and risks to the cloud infrastructure.
  • Develop and implement risk mitigation strategies to address identified vulnerabilities and enhance overall security.

Compliance and Audit:

  • Ensure compliance with federal regulations and standards, including FISMA, FedRAMP, HIPAA, and HHS-specific security requirements.
  • Conduct regular security audits and assessments, preparing detailed reports and remediation plans to address any findings.

Security Policies and Procedures:

  • Develop, maintain, and enforce information security policies, procedures, and guidelines.
  • Ensure that all security policies and procedures are up-to-date and effectively communicated to all stakeholders.

Incident Response and Management:

  • Develop and manage an incident response plan to detect, respond to, and recover from security incidents.
  • Lead incident response efforts, including investigation, coordination of remediation activities, and documentation of incidents and resolutions.

Security Awareness and Training:

  • Develop and deliver security awareness training programs to educate staff and stakeholders on security best practices and policies.
  • Promote a culture of security awareness across the organization, ensuring that security is integrated into all aspects of the cloud platform.

Continuous Monitoring:

  • Implement and maintain continuous monitoring processes to detect and respond to security threats in real time.
  • Utilize security monitoring tools and technologies to ensure the integrity and availability of the cloud platform.

Security Architecture and Design:

  • Collaborate with cloud architects and developers to design and implement secure cloud architectures and solutions that meet ACL's specific needs.
  • Review and evaluate new cloud technologies and services to ensure they meet security requirements and best practices.

Collaboration and Coordination:

  • Work closely with ACL program managers, IT staff, and other HHS entities to ensure security measures align with overall organizational goals and requirements.
  • Coordinate with external partners and vendors to ensure their security practices meet ACL and HHS standards.

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field. A Master's degree or relevant certifications (e.g., CISSP, CISM, CAP) are preferred.
  • A minimum of 7-10 years of experience in information security, with a focus on cloud platforms and federal government projects, preferably within health and human services.
  • In-depth knowledge of cloud security principles, architectures, and best practices for platforms such as AWS, Azure, or Google Cloud.
  • Experience with security tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM solutions, and endpoint protection.
  • Strong understanding of federal security standards and regulations, including FISMA, FedRAMP, HIPAA, and HHS-specific security requirements.
  • Experience ensuring compliance with these regulations and conducting security audits and assessments.
  • Proven experience in managing security incidents, including detection, response, remediation, and documentation.
  • Ability to lead incident response teams and coordinate with internal and external stakeholders during security events.
  • Experience conducting risk assessments, identifying vulnerabilities, and implementing risk mitigation strategies.
  • Ability to obtain a Public Trust

Professional Skills:

  • Sound business ethics, including the protection of proprietary and confidential information.
  • Ability to work with all levels of internal staff, as well as outside clients and vendors.
  • Strong stakeholder management, including advising and influencing clients regarding process improvement initiatives, and working positively.
  • Skilled communicator with clients and employees.
  • Excellent verbal, interpersonal and written communication skills.
  • Strong analytical, problem-solving, and decision-making capabilities.
  • Team player with the ability to work in a fast-paced environment.
  • Demonstrated outstanding level of professionalism in providing client support, including ability to exercise good judgment, discretion, tact, and diplomacy.

#WHYPBG

PBG is a leading small business provider specializing in Strategy and Design and Digital Transformation services for National Security and Federal Civilian clients.

We have successfully built a company culture based on our single most important asset - our employees. At PBG we are passionate about employee engagement and make it our business to provide our employees a range of challenging and rewarding opportunities that align with business strategy, promote teamwork and inspire innovation. A job is where you are spending most of your day, so PBG believes in making it a fun, collaborative, and productive environment. We want our employees to have the opportunity to grow and be part of a company that is making a lasting contribution to our customers. 

Benefits:

  • 401K Retirement Plan
  • Medical Plan options with significant financial investments from PBG
  • Prescription benefit plan
  • Dental and Vision coverage
  • Employee Assistance Program
  • Short term / Long-term disability
  • Supplemental group life and AD&D options
  • Yearly Bonuses
  • Generous Paid Time Off / Paid Holidays
  • Career/Professional Development Program
  • Spot Bonus Program

Diversity & Inclusion

PBG celebrates diversity and is proud to provide Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetics, disability, or protected veteran status. In addition to federal law requirements, PBG complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Disclaimer:

This job description reflects management's assignment of essential job functions but is not intended to be a comprehensive list of all activities, duties and responsibilities required by the job incumbent. Nothing herein restricts management's right to assign or reassign duties and responsibilities to this job at any time. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.



Category: Leadership Jobs

Tags: Audits AWS Azure CISM CISSP Cloud Compliance Computer Science FedRAMP Firewalls FISMA GCP HIPAA IDS Incident response Intrusion detection IPS Monitoring Risk assessment Risk management SIEM Strategy Vulnerabilities

Perks/benefits: 401(k) matching Career development Flex vacation Health care Salary bonus Team events

Region: North America
Country: United States
