Information Sceurity Manager of Operations

The Opportunity
The Office of Application and Technology Services (OATS) seeks highly motivated candidates for the Information
Security Manager of Operation position with the client reporting to the Chief Information
Security Officer. As the Information Security Manager of Operations you will be responsible for overseeing and
managing the daytoday activities related to information security within our organization. You will play a crucial
role in ensuring the confidentiality integrity and availability of our systems and data. This position requires
strong leadership skills technical expertise and a deep understanding of information security principles and best
practices.

Security Operations Management:

Lead and managed the security operations team responsible for monitoring detecting and responding to
security incidents.
Develop and implement security policies procedures and standards to maintain a secure operating
environment.
Conduct regular security assessments vulnerability scans and penetration tests to identify and address
potential security risks.
Ensure compliance with relevant regulations standards and frameworks (e.g. GDPR ISO 27001 NIST).

Incident Response and Management:
Develop and maintain an incident response plan to mitigate security incidents effectively.
Lead incident response activities including containment eradication and recovery efforts.
Coordinate with internal teams and external stakeholders to investigate security incidents and implement
remediation measures.

Security Monitoring and Threat Intelligence:
Oversee the implementation and management of security monitoring tools and technologies.
Monitor security events and alerts to identify potential security threats and vulnerabilities.
Stay informed about emerging threats and trends in cybersecurity through threat intelligence feeds and
industry publications.

Security Awareness and Training:
Develop and deliver security awareness training programs for employees to promote a culture of security
awareness.
Provide guidance and support to employees on security best practices and procedures.

Risk Management:
Conduct risk assessments to identify and prioritize security risks to the organization.
Develop risk mitigation strategies and controls to reduce the likelihood and impact of security incidents.
Monitor and report on the effectiveness of risk mitigation efforts.

Vendor and ThirdParty Risk Management:
Evaluate the security posture of thirdparty vendors and service providers.
Establish security requirements and standards for vendor contracts and agreements.
Monitor and assess the security practices of vendors and third parties to ensure compliance with established
standards.

NECESSARY KNOWLEDGE SKILLS AND ABILITIES

Following is a partial listing of the necessary Knowledge Skills and Abilities to perform the job successfully. It is
not an exhaustive list.
Ability to set the tone for the organization and motivate management and team.
Understanding information security regulations including the Federal Information Security Management Act
(FISMA) Federal Risk and Authorization Management Program (FedRAMP) ISO 27001 COBIT NIST and ITIL.
Maintaining security assessing and evaluating security and doing security incident forensic work. Knowledge
of vendors and their products including:
Experience with Government agencies particularly the Department of Defense (DoD) on information security
matters. Experience with Government Classified systems and the associated security requirements.
Updates job knowledge by tracking and understanding emerging security practices and standards participating
in educational opportunities reading professional publications maintaining personal networks and participating
in professional organizations.
Proficiency in Microsoft Office Suite (Word Excel Outlook etc.)

Innovative and creative mindset
Basic network security knowledge (general principles)
Excellent documentation and communication skills.
Ability to organize tasks into milestones and successfully execute to project completion.
Can work independently with little direct supervision.
General cybersecurity understanding

PREFERRED EDUCATION AND EXPERIENCE
Bachelors degree in computer science Software Engineering or a related field (equivalent professional
experience may be considered for substitution for the required degree on an exception basis).
Minimum of 5 years of experience in information security with at least 2 years in a management or leadership
role.
Candidates with one or more of the following certifications are a plus:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information System Auditor (CISA) or
other relevant certifications preferred.