Chief Information Security Officer - Austin Texas
Company: Ultra
Location: Austin, Texas
Posted On: 05/01/2024
Company: Ultra Intelligence & Communications
Intelligence & Comms SBU

Provide Decision Advantage to Mission Partners Around the World

Join us in our mission to provide the world's military members with the latest, most customizable solutions and capabilities, enabling mission success anywhere around the globe. At Ultra Intelligence and Communications (I&C), we provide critical, tactical capabilities to enhance and accelerate decision-making in the most challenging environments. By joining us, you will experience unrivaled opportunities for growth and innovation and be a part of a dynamic and diverse team that pushes boundaries and drives meaningful change in intelligence and communications.

Job Description

The Chief Information Security Officer is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. This Information Security Leader will proactively work with the VP Information Technology, business unit leaders, Senior Management and the Board of Directors to implement practices that meet defined objectives and standards for information security. The position will also oversee a variety of IT-related risk management activities. Working as a key member of the Ultra I&C Information Technology team reporting to the VP Information Technology, they will ensure the ongoing compliance with internal and external security requirements such as DFARS 252.204-7012, NIST 800-171, CMMC, ISO 27001, Cyber Essentials +, PCI DSS and corporate security policies.

Responsibilities:
- Coordinate with IT leaders and business partners to set the strategic direction of the enterprise IT security program, ensure integration with business systems/applications strategies, introduce evolutionary concepts, and solicit feedback to ensure alignment with the business goals.
- Develop and maintain up-to-date information security policies, procedures, and guidelines.
- Manage information security policy approval, publication, and training processes.
- Facilitate information security governance through the implementation of a hierarchical governance program across Enterprise and Business Unit (BU) IT, including managing the information security steering committee.
- Lead and manage the cybersecurity incident response process.
- Monitor the external threat environment for emerging threats & advise relevant stakeholders on the appropriate risks and courses of action.
- Coordinate the use of external resources involved in the information security program, including, but not limited to, vendor selection, negotiating contracts and fees, and managing 3rd party providers.
- Develop a metrics and reporting framework to measure the efficiency and effectiveness of the program and increase the maturity of the security program and its processes.
- Provide strategic risk guidance for IT projects, including evaluation & recommendation of technical controls, secure enterprise architecture design and life cycle management.
- Work closely with IT and Engineering organizations to ensure systems security is appropriately considered at the onset of initiatives and throughout the technology lifecycle.
- Coordinate & manage information security awareness training programs for all employees, contractors, and approved system users.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of remediation efforts to address findings.
- Own the vulnerability management reporting process and coordinate with BU IT on remediation of vulnerabilities.

Required Skills and Qualifications:
- Bachelor's degree in Computer Science, Information Systems, Information Security or closely related field required.
- Minimum 7 years of experience in Information Security or IT Management, or related technical position.
- Prior experience in a similar capacity working for a defense contractor.
- Prior experience with industry standards implementation and governance with at least two of the following: PCI DSS, NIST 800-171, NIST 800-53, CMMC, Common Criteria, ISO27001, ISO27002
- Minimum 3 years of experience with IT audit and compliance
- Prior experience with IT vulnerability management and penetration testing.
- Prior experience with physical security and data center management.
- Relevant experience with Incident and Change management.
- Solid understanding of Microsoft operating systems.

Desired Skills and Qualifications:
- Unique skills or certifications needed to perform essential functions of the job to include one or more from the following groups: CISSP, CISM, CISA, ISP, Cloud Security related certifications
- Strong written and verbal communicator.
- Ability to work effectively in both managerial and hands-on roles.

Travel:
This position requires occasional travel to business sites in the US, Canada, and the UK.

Physical requirements of the job:
- Sitting for extended periods of time
- Some repetitive motions
- Some physical effort - lifting up to 50 pounds.
- Occasional varied hours, including working at night or on weekends

Notice
Due to the nature of the programs we deliver for our customers, candidates may need to obtain the relevant security clearance or handle export-controlled material as defined by the role's requirements.

Our Benefits
Every employee is critical to our success, and as such, we offer a range of flexible employee benefits, including: