Chenega Corporation Jobs

Job Information

Chenega Corporation Security Manager in New Carrollton, Maryland



Company Job Title: Security Manager

Clearance: Background Check

Location: New Carrollton, MD

Reports To: Program Manager

FLSA Status: Exempt, Full Time, Regular


The Security Manager is responsible for planning and implementing risk management strategies, processes and programs. As the Security Manager you will manage the resolution of incidents / problems throughout the information system lifecycle, including classification, prioritization and initiation of action, documentation of root causes and implementation of remedies.

Duties and Responsibilities:

  • Development and execution of information risk controls and management strategies

  • Carry out risk assessment within a defined functional or technical area of business.

  • Use consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and impact on the business.

  • Refer to domain experts for guidance on specialized areas of risk, such as architecture and environment.

  • Govern information risk management services for customer operations

  • Specialize on a specific technology and/or risk management discipline

  • Coordinate the development of countermeasures and contingency plans.

  • Apply standard procedures to enhance security or resilience to system interruptions.

  • Can take immediate action in an incident to limit business impact and escalates event to higher authority.

  • Apply and maintain specific risk management controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.

  • Determine when issues should be escalated to a higher level.

  • Demonstrate effective communication of risk management issues to business managers and others.

  • Maintain knowledge of specific technical specialisms, provides detailed advice regarding their application, executes specialized tasks.

  • Implement and administer risk management technologies and process controls in a given specialism and conducts compliance tracking.

  • The specialism can be any area of information or communication technology, technique, method, product or application area.

  • Carry out risk assessment within a defined functional or technical area of business.

  • Use consistent processes for identifying potential risk events, quantifying and documenting probability of occurrence and impact on the business.

  • Refer to domain experts for guidance on specialized areas of risk, such as compliance, architecture, finance and environment.

  • Co-ordinate response to quantified risks, which may involve acceptance, transfer, reduction or elimination.

  • Assist with development of agreed countermeasures and contingency plans.

  • Monitor status of risks, and reports status and need for action to senior management. Information Assurance

  • Apply procedures to assess security of information and infrastructure components.

  • Identify risks of unauthorized access, data loss, compromise of data integrity, or risk of business interruption

  • Review compliance to information security policies and standards.

  • Apply procedures to assess compliance of hardware and software configurations to policies, standards, legal and regulatory requirements.

  • Communicate information assurance issues effectively to users and operators of systems and networks.

  • Demonstrate effective communication of security issues to business managers and others.

  • Develop and maintain knowledge of the technical specialism by, for example, reading relevant literature, meeting and maintaining contact with others involved in the technical specialism and through taking an active part in appropriate learned, professional and trade bodies.

  • Maintain an awareness of current developments in the technical specialism.

  • Apply and maintain specific security controls as required by organizational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems.

  • Determine when security issues should be escalated to a higher level.

  • Analyze incidents and problems to show trends and potential problem areas, so that actions can be taken to minimize the occurrence of incidents and to improve the process of problem reporting, analysis and clearance.

  • Assess and report the probable causes of incidents and consequences of existing problems and known defects.

  • Conduct security control reviews in well-defined areas.

  • Provide advice, both reactively and pro-actively, to those engaged in activities where the technical specialism is applicable, including those in areas such as budgetary and financial planning, litigation, legislation, and health and safety.

  • Identify opportunities to apply the technical specialism within employing organization and closely associated organizations, such as customers, suppliers and partners, and advises those responsible.

  • Carry out specific assignments related to the technical specialism, either alone or as part of a team.

  • Maintain knowledge of the technical specialism at a detailed level, and is responsible for own personal growth and technical proficiency

  • Other duties as assigned

Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)

  • Bachelor's Degree in Computer Science, Information Systems, or related field

  • Experience in moderate to large technology implementations and background as an administrator of IT systems, databases, or processes

  • Experience in Information Technology, which includes substantial experience in a risk management specialism

  • Certifications in at least one of the following CISSP, SANS GSEC

  • CompTIA Security

  • ITIL V3 Foundation Certification required

  • Minimum Background Investigation (MBI)

Knowledge, Skills and Abilities:

  • Understands and uses appropriate methods and tools and applications

  • Demonstrates analytical and systematic approach to problem solving

  • Takes initiative in identifying and negotiating appropriate development opportunities

  • Able to absorb and apply new technical information.

  • Able to work to required standards and to understand and use the appropriate methods, tools and applications.

  • Appreciates wider field of information systems, how own role relates to other roles and to the business.

  • Basic business knowledge and an understanding of current and emerging information and communications technologies and their level of maturity.

  • Able to obtain information from business people in face to face situations, and to analyze information on users occupational tasks obtained by a variety of formal and informal means.

  • Analytical and creative approach to problem solving.

  • Familiar with the principles and practices involved in development, maintenance and in-service delivery.

  • Good technical understanding and the aptitude to remain up to date with IS security and developments.

  • Possesses a general understanding of the business applications of IT.

  • Effective and persuasive in both written and oral communication.

  • Demonstrates basic knowledge of information security principles.

  • Basic understanding the following 10 security domains with technical expertise in at least one of the domain areas:

  • Access Control Systems and Methodology

  • Network Security

  • Business Continuity Planning and Disaster Recovery Planning

  • Security Management Practices

  • Security Architecture and Models

  • Law, Investigation, and Ethics

  • Application and Systems Development Security

  • Cryptography

  • Computer Operations Security

  • Physical Security

  • Relevant industry standards awareness / governmental regulations awareness

  • Disaster Recovery Domain

  • Basic understanding of the following 10 Business Continuity domain areas with technical expertise in at least two of the domain areas:

  • Project Initiation and Management

  • Risk Evaluation and Control

  • Business Impact Analysis

Physical Demands: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)

  • While performing the duties of this job, the employee is regularly required to sit and talk or listen. The employee is frequently required to walk; use hands to finger, handle, or feel and reach with hands and arms. The employee is occasionally required to stand; climb or balance and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision.

Work Environment: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.)

  • The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment.

  • During visits to areas of operations, the employee may be exposed to extreme cold or hot weather conditions; is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.

Chenega Corporation and family of companies is an EOE.

Equal Opportunity Employer Minorities/Women/Veterans/Disabled/Sexual Orientation/Gender Identity

Native preference under PL 93-638.

We participate in the E-Verify Employment Verification Program.

Primary Location: United States-Maryland-New Carrollton

Organization: Chenega Worldwide Support
Strategic Business Unit: Military Intelligence and Operations Support
Security Requirements: Background Check
Job Schedule: Full Time Exempt
Recruiter: Thomas Orner
Req ID: 1900004840