Information Security Manager /Chief Security Architect

About the position Peraton is hiring an Information Security Manager /Chief Security Architect that will serve as the principal advisor on all cybersecurity matters, technical and otherwise, involving the security of infrastructure supporting delivery of enterprise information technology services to a state agency. This position is remote. Day to Day Roles and Responsibilities: Ensuring all aspects of the project remain in compliance with all applicable security standards and requirements. Ensures the implementation of the Risk Management Framework (RMF), through the required government policy, make recommendations on process tailoring, participate in and document process activities. Will deliver information security support and design recommendations adhering to customer security policies and compliance mandates while fulfilling customer requirements. Will perform periodic assessments of systems and networks within the networking environment and/or enclave and will identify where those systems and networks deviate from acceptable configurations, enclave policy, and compliance requirements. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Document the results of Assessment and Authorization (A&A) activities and technical or coordination activity and prepare the System Security Plans and update the Plan of Actions and Milestones (POA&M). Provide oversight and guidance of information security personnel performing system analysis looking for patterns of non-compliance; ensure appropriate administrative or programmatic actions which minimize security risks and insider threats. Provide oversight and guidance ensuring systems are properly configured, optimized, and tested ensuring all policy and technical standards are met. Manage all cybersecurity related processes and procedures in the documentation of access control lists on routers, firewalls, CE, printing devices, and other network devices. Assess the performance of cybersecurity security controls within the environment. Perform control validation and remediation validation of network servers, routers, and switches to ensure they comply with security policy, procedures, and technical requirements. Evaluate potential cybersecurity security risk and take appropriate corrective and recovery action utilizing various tasking mechanisms such as Service Now

Responsibilities

• Ensuring all aspects of the project remain in compliance with all applicable security standards and requirements.
• Ensures the implementation of the Risk Management Framework (RMF), through the required government policy, make recommendations on process tailoring, participate in and document process activities.
• Will deliver information security support and design recommendations adhering to customer security policies and compliance mandates while fulfilling customer requirements.
• Will perform periodic assessments of systems and networks within the networking environment and/or enclave and will identify where those systems and networks deviate from acceptable configurations, enclave policy, and compliance requirements.
• Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
• Document the results of Assessment and Authorization (A&A) activities and technical or coordination activity and prepare the System Security Plans and update the Plan of Actions and Milestones (POA&M).
• Provide oversight and guidance of information security personnel performing system analysis looking for patterns of non-compliance; ensure appropriate administrative or programmatic actions which minimize security risks and insider threats.
• Provide oversight and guidance ensuring systems are properly configured, optimized, and tested ensuring all policy and technical standards are met.
• Manage all cybersecurity related processes and procedures in the documentation of access control lists on routers, firewalls, CE, printing devices, and other network devices.
• Assess the performance of cybersecurity security controls within the environment.
• Perform control validation and remediation validation of network servers, routers, and switches to ensure they comply with security policy, procedures, and technical requirements.
• Evaluate potential cybersecurity security risk and take appropriate corrective and recovery action utilizing various tasking mechanisms such as Service Now

Requirements

• Bachelors degree and 8 years of experience or a Masters degree and 6 years of experience or a High School diploma and 12 years of experience.
• Must be a U.S. Citizen.
• 2+ years’ experience with Risk Management Framework (RMF)
• 5 years of experience with FISMA, NIST, and state or federal information system requirements.
• Advanced written and verbal communication skills to effectively communicate security concepts and policies
• Security+
• CISSP
• CISA, or equivalent certifications (DoD 8570 IAM Level 2 equivalent).

Apply tot his job Apply To this Job