Information Security Manager

Washington, DC

Applications have closed
FWG Solutions is a rapidly growing systems integrator and premier small business provider of technology services to government and commercial clients. We are a trusted provider of cybersecurity, logistics, advanced engineering and operational support services to the United States Department of Defense (DoD), Intelligence Community and Federal Civilian agencies. We are a quality driven organization that leverages its ISO 20000-1:2011, ISO 27001:2013 and CMMI quality standards, certifications and service delivery expertise to support all of our clients.
The Information Security Manager will be a key member of the cyber team. This position will be responsible for partnering with the executives and leadership team to develop an actionable information security strategy and operations for the Company. The ISM will conduct risk analyses, compliance scans, and testing, as well as provide training to safeguard the company from privacy and sensitive information breaches.
ESSENTIAL DUTIES & RESPONSIBILITIES
· Research, test, train and implement programs designed to safeguard privacy and sensitive information from breaches
· Conduct risk analyses from vulnerability, compliance scans, pen testing results and other audit activity
· Write Plan of Action and Milestones (POAMS), System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses
· Establish System and Organizational Controls (SOC) and audit processes
· Provide regular reporting on the status of the information security, risk and compliance programs to senior business leaders as part of a strategic IT risk management program to support business outcomes
· Work with company leadership to promote and institutionalize security and compliance practices through training, workshops, and continued awareness
· Educate the organization on information security best practices and ensure the organization is compliant with NIST 800-171 / CMMC 2.x policy and frameworks
· Keep corporate security policies, standards, and procedures fresh and fit for purpose, and make sure staff across the board comply on a day-to-day basis without fail
· Participate in responsible innovations, emulating what might happen in the real world and ensuring everyone is on the same page when it comes to threats such as, but not limited to, Phishing, Hack-a-thon, Adversarial simulations…
· Audit and assess existing IT infrastructure for any security risks
· Document zero trust architecture and implement, participate in bid and proposal activities
· Continuously assess vulnerabilities and find fixes before incidents occur
· Develop policies on security incidents and team with the CINO / Cyber Executive to create emergency responses in the face of security breaches
· Oversee development of a disaster recovery plan to allow for business continuity post-cyber-attack
· Identify and manage asset inventories and high value assets
· Participate in hiring, training, staff development, performance management and annual performance reviews as required
· Articulate IT security and technical issues in a non-threatening, clear and actionable manner to non-technical teams
· Prepare data analytics and facilitate metrics reporting frameworks to measure efficiency and effectiveness
· Track and report on operational metrics as well as KPIs appropriate for executive leadership
· Confirm and implement an up-to-date information security management framework based on the NIST Cybersecurity Framework, NIST 800-171 and ISO 27001 controls
· Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global standards and regulations
· Other duties related to the business functions of FWG Solutions, as assigned

REQUIREMENTS & QUALIFICATIONS
Education:
· High School Degree Required
· Bachelor’s degree in Business Administration or a technology-related field; or equivalent work/education related experience
Licenses & Certifications:
· Active or eligibility to obtain a U.S. Secret Security Clearance
Experience:
· Required minimum of eight (8) years of relevant experience with a combination of experience in information security, risk management and IT compliance
· Required minimum of five (5) years’ experience in a senior leadership role
· Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
· Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and/or FDA 21 CFR Part 11
· Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53, 800-171 and Cybersecurity Framework
· Experience leading a global data privacy program is a plus
Skills & Abilities:
· Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various levels, ranging from board members to technical specialists
· Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
· Poise and ability to act calmly and competently in high-pressure situations
· Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding and dynamic environment
· Project management skills: financial/budget management, scheduling, and resource management
· Ability to lead and motivate the information security and compliance team to achieve tactical and strategic goals
· High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
Other:
· Ability to travel CONUS and OCONUS, if required

This opportunity offers career development and growth, competitive compensation, and a robust benefits package with 4 Weeks PTO w/ rollover, 11 paid holidays, company paid events and training, and 401(k) retirement plan with company match. FWG holds multiple government contracting vehicles as a Prime Contractor to include: 8(a) Set-Aside; STARS III; GSA IT-70; Army ITES-3S; and CIO-SP3.

FWG Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law. FWG welcomes all individuals with disabilities and protected veterans to apply for our jobs.


Tags: Analytics Clearance CMMC COBIT Compliance DoD HIPAA ISO 27001 ITIL IT infrastructure NIST Pentesting Privacy Risk management Security Clearance Security Impact Analysis Security strategy SOC Strategy System Security Plan Travel Vulnerabilities

Perks/benefits: 401(k) matching Career development Competitive pay Flex vacation Health care Insurance Startup environment Team events Travel

Region: North America
Country: United States
Category: Leadership Jobs
