This is an exciting opportunity for a Director role to lead, guide, and support the IT solutions and services delivered by Maximus Federal IT operations. You will be responsible for leading and supporting the overall security posture to ensure FedRAMP authorization and ATO for all our solution offerings. The role will include successful implementation, refinement and maintenance of the SIEM platform and associated functions. This is a critical role that will set our cloud compliance strategy and collaborate with teams across the company, including Product, Engineering, Cloud Operations, and Security. The position will ensure that pre- and post-authorization activities such as Gap Assessment, SSP Documentation, 3PAO Assessment and Continuous Monitoring are carried out.
•Demonstrate domain expertise in FedRAMP, NIST FIPS 199, NIST SP 800-53 Rev 4, NIST SP 800-37, NIST 800-171, DFARS 252.204-7012, FISMA, ITAR, and supporting Systems Security Assessment and Authorization (SA&A) for Federal Agencies.
•Develop and maintain cybersecurity plans, strategy, and policy to support and align with program cybersecurity initiatives and regulatory compliance.
•Perform risk management by overseeing, evaluating and supporting the documentation, validation, assessment and authorization processes necessary to assure existing and new IT systems meet the organization’s/client’s cybersecurity and risk requirements.
•Provide Splunk Security leadership, along with leadership on other cybersecurity technologies, to support the use of security information and event management (SIEM) or security event management (SEM) best practices and enterprise security.
•Manage and review existing cloud security design, processes and supporting tools to ensure they are effective and leverage cloud security industry trends that can mitigate emerging threats.
•Ensure thorough technical documentation, e.g. the System Security Plan (SSP), is maintained, using knowledge of security controls and security audits, for technical architecture, operational processes and security processes.
•Represent the MGEP solution to external organizations such as Federal Agencies ISO, FedRAMP PMO, JAB, DISA, and 3PAO assessors.
•Leverage technical and program management skills to plan, track, collaborate and report on FedRAMP program deliverables, including scheduling and leading meetings, assigning and tracking action items, and developing status reports.
•Collect security control implementation review results, penetration testing results, and vulnerability scan results for reporting to authorizing agencies.
•Stay abreast of market trends in the Public Sector cloud compliance space to maintain technical expertise and apply best practices to business challenges.
Skills You Need to Succeed:
•Strong Public Sector industry experience of at least 10+ years, including at least 3-5 years of Security and Compliance experience.
•Amazon Cloud Solution Architect – Associate Certification highly desirable
•Experience with cloud computing, especially security aspects of IaaS, PaaS, and SaaS environments
•Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
•Strong understanding of the latest security principles, techniques, and protocols
•Familiarity with web-related technologies (Web applications, Web Services, Service Oriented Architectures) and with network/web-related protocols
•Understanding of threat landscape including code and OS vulnerabilities
•Good understanding of Transport Layer protocols such as TCP/TLS and Application layer protocols such as HTTP and SIP
•Deep knowledge of overall FedRAMP and DOD Impact Level process and how security controls are implemented to meet compliance requirements
•Master's (MS) in Information Security and Assurance
•Bachelor's (BS) degree in Computer Science, Software Engineering or a closely related field or foreign equivalent
•Certification in CISSP, CISA is preferred but not mandatory
Essential Duties and Responsibilities:
- Develop, implement, and manage a strategic, comprehensive corporate and/or project/client information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Responsible for the review of all SOC policies and procedures.
- Provide leadership and oversight over the Security Operations Center (SOC) staff.
- Responsible for the establishment, planning and administration of overall policies, goals and procedures.
- Analyze staffing needs for coverage and proactively make adjustments when necessary.
- Measure staff’s performance through annual performance appraisals and provide training/development for continuous improvement.
- Provide/Demonstrate strong leadership, organizational and coaching abilities.
- Communicate with Information Technology professionals as well as senior management and auditors, assessors, and consultants.
- Perform other duties as assigned by management.
- Bachelor's degree required, five (5) years of people management experience, ten (10) years of experience in the related field.