Job Description

Job Summary

The Information Security Manager is responsible for developing, implementing, and maintaining the organization's information security program aligned to FISMA and the NIST Cyber Security Framework to ensure the confidentiality, integrity, and availability of our information and information system assets. This includes the development of policies, procedures, processes, creation of Security Authorization packages, and oversight of monthly Continuous Monitoring reports, which include vulnerability scanning, interviews, and system testing.

The manager supports security engineering architecture reviews of CSBS information systems, ensuring they are designed and built around protection needs with proven security architectures. They work with stakeholders, including system owners, engineers, auditors, and the security department, to develop deliverables, recommend solutions, and maintain or establish Authority to Operate (ATO) statuses for systems and platforms.

Essential Functions

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made for individuals with disabilities. Other duties may be assigned to meet business needs.

This role involves hands-on tasks to monitor and manage the security posture of CSBS's IT services, including analysis and evaluation of system design, architecture, and engineering practices.

Security Program Management

• Develop security programs and projects with the CISO to address risks and security requirements.
• Assess threat landscapes, analyze risks, and report findings.
• Collaborate on budget projections, compliance monitoring, policy updates, vendor contracts, incident management, and security metrics development.

Security Engineering Architecture Reviews

• Ensure security considerations in architecture and hardware/software evaluations.
• Recommend technical controls, oversee security projects, and lead deployment of new security technologies.

CSF and RMF ATO Support

• Develop security documentation such as SSPs, SARs, risk assessments, and contingency plans.
• Participate in governance, manage vendor compliance, oversee risk management, and improve processes.

Additional Responsibilities

• Monitor industry trends, contribute to forums, and implement planning and policy changes.

Minimum Qualifications

• Bachelor's degree in relevant field or equivalent experience.
• Certifications such as CISSP, GIAC, or CCSP required.
• 12+ years of relevant experience, including 10+ in InfoSec, with expertise in risk assessments, cloud/mobile environments, and NIST standards.

Knowledge, Skills, and Abilities

• Developing security policies, understanding network security principles, and familiarity with industry standards.
• Deep knowledge of security technologies, cloud security, scripting, incident response, and effective communication skills.

Requirements

• Interaction with confidential supervisory information, disclosure of conflicts of interest, and eligibility for a U.S. Government clearance.

Values and Leadership

CSBS emphasizes work-life balance, collaboration, leadership at all levels, and a culture of honesty, respect, and innovation.

Working Conditions

• Office environment, some travel required.

This description is subject to revision, and employment is at-will.

Compensation

Offers are based on experience and market, with comprehensive benefits, flexible work arrangements, and an inclusive culture. More details are available on CSBS Careers.

Job Tags

Similar Jobs