Chenega Corporation Security Manager in New Carrollton, Maryland
CHENEGA WORLDWIDE SUPPORT, LLC
Company Job Title: Security Manager
Clearance: Background Check
Location: New Carrollton, MD
Reports To: Program Manager
FLSA Status: Exempt, Full Time, Regular
The Security Manager is responsible for planning and implementing risk management strategies, processes and programs. As the Security Manager you will manage the resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.
Duties and Responsibilities:
Development and execution of information risk controls and management strategies
Carry out risk assessment within a defined functional or technical area of business.
Use consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business.
Refer to domain experts for guidance on specialized areas of risk, such as architecture and environment.
Govern information risk management services for customer operations
Specialize in a specific technology and/or risk management discipline
Coordinate the development of countermeasures and contingency plans.
Apply standard procedures to enhance security or resilience to system interruptions.
Can take immediate action in an incident to limit business impact and escalate the event to higher authority.
Apply and maintain specific risk management controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.
Determine when issues should be escalated to a higher level.
Demonstrate effective communication of risk management issues to business managers and others.
Maintain knowledge of specific technical specialisms, provide detailed advice regarding their application, and execute specialized tasks.
Implement and administer risk management technologies and process controls in a given specialism and conduct compliance tracking.
The specialism can be any area of information or communication technology, technique, method, product or application area.
Carry out risk assessment within a defined functional or technical area of business.
Use consistent processes for identifying potential risk events, quantifying and documenting probability of occurrence and impact on the business.
Refer to domain experts for guidance on specialized areas of risk, such as compliance, architecture, finance and environment.
Co-ordinate response to quantified risks, which may involve acceptance, transfer, reduction or elimination.
Assist with development of agreed countermeasures and contingency plans.
Monitor status of risks, and report status and need for action to senior management.
Information Assurance
Apply procedures to assess security of information and infrastructure components.
Identify risks of unauthorized access, data loss, compromise of data integrity, or risk of business interruption
Review compliance to information security policies and standards.
Apply procedures to assess compliance of hardware and software configurations to policies, standards, legal and regulatory requirements.
Communicate information assurance issues effectively to users and operators of systems and networks.
Demonstrate effective communication of security issues to business managers and others.
Develop and maintain knowledge of the technical specialism by, for example, reading relevant literature, meeting and maintaining contact with others involved in the technical specialism and through taking an active part in appropriate learned, professional and trade bodies.
Maintain an awareness of current developments in the technical specialism.
Apply and maintain specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.
Determine when security issues should be escalated to a higher level.
Analyze incidents and problems to show trends and potential problem areas, so that actions can be taken to minimize the occurrence of incidents and to improve the process of problem reporting, analysis and clearance.
Assess and report the probable causes of incidents and consequences of existing problems and known defects.
Conduct security control reviews in well-defined areas.
Provide advice, both reactively and pro-actively, to those engaged in activities where the technical specialism is applicable, including those in areas such as budgetary and financial planning, litigation, legislation, and health and safety.
Identify opportunities to apply the technical specialism within the employing organization and closely associated organizations, such as customers, suppliers and partners, and advise those responsible.
Carry out specific assignments related to the technical specialism, either alone or as part of a team.
Maintain knowledge of the technical specialism at a detailed level, and be responsible for own personal growth and technical proficiency.
Other duties as assigned
Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)
Bachelor's Degree in Computer Science, Information Systems, or related field
Experience in moderate to large technology implementations and background as an administrator of IT systems, databases, or processes
Experience in Information Technology, which includes substantial experience in a risk management specialism
Certifications in at least one of the following: CISSP, SANS GSEC
ITIL V3 Foundation Certification required
Minimum Background Investigation (MBI)
Knowledge, Skills and Abilities:
Understands and uses appropriate methods and tools and applications
Demonstrates analytical and systematic approach to problem solving
Takes initiative in identifying and negotiating appropriate development opportunities
Able to absorb and apply new technical information.
Able to work to required standards and to understand and use the appropriate methods, tools and applications.
Appreciates wider field of information systems, how own role relates to other roles and to the business.
Basic business knowledge and an understanding of current and emerging information and communications technologies and their level of maturity.
Able to obtain information from business people in face-to-face situations, and to analyze information on users' occupational tasks obtained by a variety of formal and informal means.
Analytical and creative approach to problem solving.
Familiar with the principles and practices involved in development, maintenance and in-service delivery.
Good technical understanding and the aptitude to remain up to date with IS security and developments.
Possesses a general understanding of the business applications of IT.
Effective and persuasive in both written and oral communication.
Demonstrates basic knowledge of information security principles.
Basic understanding of the following 10 security domains with technical expertise in at least one of the domain areas:
Access Control Systems and Methodology
Business Continuity Planning and Disaster Recovery Planning
Security Management Practices
Security Architecture and Models
Law, Investigation, and Ethics
Application and Systems Development Security
Computer Operations Security
Relevant industry standards awareness / governmental regulations awareness
Disaster Recovery Domain
Basic understanding of the following 10 Business Continuity domain areas with technical expertise in at least two of the domain areas:
Project Initiation and Management
Risk Evaluation and Control
Business Impact Analysis
Physical Demands: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
While performing the duties of this job, the employee is regularly required to sit and talk or listen. The employee is frequently required to walk; use hands to finger, handle, or feel and reach with hands and arms. The employee is occasionally required to stand; climb or balance and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision.
Work Environment: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.)
The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment.
During visits to areas of operations, the employee may be exposed to extreme cold or hot weather conditions; is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.
Chenega Corporation and family of companies is an EOE.
Equal Opportunity Employer Minorities/Women/Veterans/Disabled/Sexual Orientation/Gender Identity
Native preference under PL 93-638.
We participate in the E-Verify Employment Verification Program.
Primary Location: United States-Maryland-New Carrollton
Organization: Chenega Worldwide Support
Strategic Business Unit: Military Intelligence and Operations Support
Security Requirements: Background Check
Job Schedule: Full Time Exempt
Recruiter: Thomas Orner
Req ID: 1900004840