Reporting to the Deputy CIO for Technology and Infrastructure, the Cyber Security Manager provides leadership and direction and is responsible for the execution of strategic and operational plans for the cyber security functions within the Information Services Department.
The Information Services Department is the provider for enterprise IT services, enabling the mission of an FFRDC. This federally funded research and development center (FFRDC) is sponsored by the Department of Defense. The research center conducts research and development aimed at solutions to problems critical to national security. The cyber security team’s mission is to protect and defend information systems from cyber threats and adversaries.
In support of this mission, the cyber security manager leads a multidisciplinary team responsible for cyber incident response, monitoring, threat assessment and mitigation, cyber systems architecture design and implementation and sustaining enterprise cyber security capabilities. The team is also responsible for vulnerability assessment, enterprise mitigations and driving resolution of vulnerabilities within the organization. Additionally, the team is responsible for review of systems designs to ensure required security controls or risk acceptance, vulnerability mitigation and monitoring of services for cyber incidents.
The cyber security manager supports an innovative, forward-thinking team to identify, develop and implement processes and procedures to manage information technology and cyber risks, incident response, cyber resilience, appropriate architecture and standards, and communication plans, which are used to promote efficient and effective security and functionality of Laboratory information systems required for cutting-edge research.
RESPONSIBILITIES AND DUTIES
• Establishes and drives measurable goals that are aligned with departmental and organizational goals to provide efficient and effective cyber protections.
• Plans and forecasts activity within the team as indicated by departmental and strategic projects, initiatives, and general direction.
• Accurately manages, explains, and forecasts the financial activity of the department including staffing and resource planning.
• Develops and maintains a balanced approach to cyber security that maximizes functionality of information systems while minimizing overall risks.
• Monitors and evaluates relevant industry trends and technologies.
• Ensures that the cyber security team is providing high quality support for all peer services including the resolution of incidents and requests in congruence with a Service / Operating Level Agreement and fulfilling customer requests at a world-class service level.
• Manages requests for prototyping and new projects, ensuring all initiatives are aligned with the department's and organization's vision.
• Supports and actively participates in the process of communicating outage/emergency activities to the organization.
• Manages vendor relationships within the cyber security team.
• Initiates service improvement direction and continuous improvement to the cyber security team and individual contributors as a function of integrating customer feedback.
• Provides oversight for all business operations to ensure they are running at an optimal and efficient level.
• Provides goals-based metrics, data, and reporting of cyber security events as needed.
Communications and Collaboration
• Ensures information flows freely among other managers and the Department Office and Laboratory at large.
• Actively solicits cross-functional collaboration across individual contributors, teams, and sector managers.
• This position maintains and establishes new relationships with internal department stakeholders.
• This position maintains and establishes new peer relationships outside the Laboratory for the purpose of understanding industry best practices and applying them to strategic initiatives.
• Accurately manages, explains, and forecasts the financial activity of the sector including staffing and resource planning.
• Organizes outside purchases for timely delivery and expensing within the Laboratory procurement and financial guidelines.
• Analyzes any variances between actuals and plan and relating variances to the impact on sector operations and investments.
• Accurately forecasts future outside purchases and communicates any adjustments as appropriate.
This position is under general direction of the ISD Deputy CIO for Technology and Infrastructure. This position has financial responsibility of the Cyber Security sector budget.
The ideal candidate will maintain frequent contact with internal and external users (e.g. vendors, professional organizations) to collaborate in the pursuit of common missions, vision, values and mutual goals.
• Must be a U.S. citizen with the ability to obtain and maintain an active Secret clearance
• Bachelor’s degree in Information Technology, Cyber Security or related field.
• Demonstrated ability to develop plans that meet the architecture/technology needs of the organization while incorporating strategy, business priorities, goals, emerging technologies, industry trends, and economic viability.
• Ability to present ideas in context, which can be understood by technical, business and non-IT users
• Solution focused and proven skill in critical thinking and ability to build consensus among stakeholders
• Demonstrated success in developing, coaching, and mentoring staff in line with the mission, vision, values, goals, and performance standards of formal and informal teams. Ability to encourage and facilitate cooperation and results-orientation.
• Ability to work analytically in a problem-solving environment.
• Demonstrated experience in setting/monitoring operational metrics to drive positive service outcomes
• Demonstrated experience in successfully writing complex RFPs, selecting vendor partner(s), and managing a supply chain of vendor partners
• Proven ability to identify and act upon opportunities for continuous improvement.
• Experience managing conflict and developing win-win solutions with others.
• Excellent verbal and written communication skills.
• Working knowledge of NIST security compliance standards.
• Active secret clearance preferred
• Experience with DoD Networks
• NIST Cyber Security Framework/Controls and DoD Risk Management Framework
• ITIL and Project Management experience
• Current information security certifications including CISSP or CISM
• Experience working with cloud providers (e.g. AWS and Azure) and securing cloud systems.
• A minimum of 12 years of relevant information security and IT operations experience.
• A minimum of 5 years of increasing managerial experience
WORKING LOCATIONS & ADDITIONAL INFO
• Location: Lexington, MA
• Relocation: Available if candidate moves within a 50-mile radius of the laboratory
• Employment Status: Full-Time Employee with full benefits (Medical, Dental, Vision, STD, LTD, PTO, Retirement)
• Other: All candidates must also successfully pass a Commercial Background Investigation (CBI).
This job posting sets forth the authorities and responsibilities of this position, which may be changed from time to time as shall be determined.
Odyssey Systems Consulting Group, LTD. is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, national origin, disability, sexual orientation, gender identity or expression, marital status, genetic information, protected veteran status, or other factors protected by federal, state, and/or local law. This policy applies to all terms and conditions of employment, including: recruiting; hiring; placement; promotion; termination; layoff; recall; transfer; leaves of absence; compensation; and training.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.