Information Security Manager
Washington, DC
Applications have closed
FWG Solutions, Inc.
The Information Security Manager will be a key member of the cyber team. This position will be responsible for partnering with the executives and leadership team to develop an actionable information security strategy and operations for the Company. The ISM will conduct risk analyses, compliance scans, and testing, as well as provide training to safeguard the company from privacy and sensitive information breaches.
ESSENTIAL DUTIES & RESPONSIBILITIES
- Research, test, train and implement programs designed to safeguard privacy and sensitive information from breaches
- Conduct risk analyses from vulnerability, compliance scans, pen testing results and other audit activity
- Write Plan of Action and Milestones (POAMS), System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses
- Establish System and Organizational Controls (SOC) and audit processes
- Provide regular reporting on the status of the information security, risk and compliance programs to senior business leaders as part of a strategic IT risk management program to support business outcomes
- Work with company leadership to promote and institutionalize security and compliance practices through training, workshops, and continued awareness
- Educate the organization on information security best practices and ensure the organization is compliant with NIST 800-171 / CMMC 2.x policy and frameworks
- Keep corporate security policies, standards, and procedures fresh and fit for purpose, and make sure staff across the board comply on a day-to-day basis without fail
- Participate in responsible innovations, emulating what might happen in the real world and ensuring everyone is on the same page when it comes to threats such as but not limited to Phishing, Hack-a-thon, Adversarial simulations…
- Audit and assess existing IT infrastructure for any security risks
- Document zero trust architecture and implement, participate in bid and proposal activities
- Continuously assess vulnerabilities and find fixes before incidents occur
- Develop policies on security incidents and team with the CINO / Cyber Executive to create emergency responses in the face of security breaches
- Oversee development of a disaster recovery plan to allow for business continuity post-cyber-attack
- Identify and manage asset inventories and high value assets
- Participate in hiring, training, staff development, performance management and annual performance reviews as required
- Articulate IT security and technical issues in a non-threatening, clear and actionable manner to non-technical teams
- Prepare data analytics and facilitate metrics reporting frameworks to measure efficiency and effectiveness
- Track and report on operational metrics as well as KPIs appropriate for executive leadership
- Confirm and implement an up-to-date information security management framework based on the NIST Cybersecurity Framework, NIST 800-171 and ISO 27001 controls
- Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global standards and regulations
- Other duties related to the business functions of FWG Solutions, as assigned

REQUIREMENTS & QUALIFICATIONS
Education:
- High School Degree Required
- Bachelor’s degree in Business Administration or a technology-related field; or equivalent work/education related experience
Licenses & Certifications:
- Active U.S. Secret Security Clearance, or eligibility to obtain one
Experience:
- Required minimum of eight (8) years of relevant experience with a combination of experience in information security, risk management and IT compliance
- Required minimum of five (5) years’ experience in a senior leadership role
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
- Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and/or FDA 21 CFR Part 11
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53, 800-171 and Cybersecurity Framework
- Experience leading a global data privacy program is a plus
Skills & Abilities:
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various levels, ranging from board members to technical specialists
- Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
- Poise and ability to act calmly and competently in high-pressure situations
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding and dynamic environment
- Project management skills: financial/budget management, scheduling, and resource management
- Ability to lead and motivate the information security and compliance team to achieve tactical and strategic goals
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
Other:
- Ability to travel CONUS and OCONUS, if required

This opportunity offers career development and growth, competitive compensation, and a robust benefits package with 4 Weeks PTO w/ rollover, 11 paid holidays, company paid events and training, and 401(k) retirement plan with company match. FWG holds multiple government contracting vehicles as a Prime Contractor to include: 8(a) Set-Aside; STARS III; GSA IT-70; Army ITES-3S; and CIO-SP3.

FWG Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law. FWG welcomes all individuals with disabilities and protected veterans to apply for our jobs.
Tags: Analytics Clearance CMMC COBIT Compliance DoD HIPAA ISO 27001 ITIL IT infrastructure NIST Pentesting Privacy Risk management Security Clearance Security Impact Analysis Security strategy SOC Strategy System Security Plan Travel Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Flex vacation Health care Insurance Startup environment Team events Travel