Client Services Security Director - Hybrid/Telework
Company: Disability Solutions
Location: Rockville
Posted on: May 4, 2024
Job Description:

Westat is an employee-owned corporation providing research services to agencies of the U.S. Government, as well as businesses, foundations, and state and local governments. Westat's research, technical, and administrative staff of more than 2,000 is located at our headquarters in Rockville, Maryland, near Washington, DC.

Westat is committed to building a diverse workforce and a culture of inclusivity, belonging and equity for all. We believe that our greatest strength draws on the different backgrounds, cultures, perspectives and experiences of our employees.

Westat is seeking a Director, Information Systems Security Officer (ISSO) to lead our Client Security Services (CSS) team. This leadership role is a critical member of the Chief Information Security Officer's (CISO's) team and acts as an interface between the CISO's strategic and process-based activities and the CSS team they will lead. The Director must be able to provide direction and mentoring for staff, interact directly with internal and external clients, manage resources, meet deadlines, and provide regular status and service-level reports to management.

The candidate should have experience managing direct reports and working with Federal Government clients, and have extensive experience securing information systems in accordance with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF, i.e. NIST 800-37 and 800-53). Expertise in leading project teams and developing and managing projects is essential for success in this role. In addition to supporting the CISO's policies and strategies, the Director must be able to prioritize work efforts, balancing operational tasks with longer-term strategic security efforts.

This role offers a hybrid work arrangement, requiring the Director to be on-site 2 days/week.

Job Responsibilities:

- Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, particularly in the areas of FISMA/NIST security compliance, including technical and personal development programs for team members.
- Work with the CISO to develop budget projections based on short- and long-term goals and objectives.
- Monitor and report on client-facing security activities that include security authorization documentation creation, security control evidence gathering, risk remediation, and security assessment coordination.
- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Maintain FISMA authorization to operate (ATO) for information systems.
- Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
- Provide security communication, awareness, and training for audiences, which may range from senior leaders to field staff.
- Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
- Manage production issues and incidents and participate in problem and change management forums.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Serve as an active and consistent participant in the information security governance process.
- Work with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
- Provide support and guidance for legal and regulatory compliance efforts, including audit support.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Formulate recommendations to resolve problems impacting the quality and effectiveness of security controls in software development projects.
- Participate in information security working groups.

Basic Qualifications:

- Typically requires a bachelor's degree and a minimum of 10 years of IT leadership experience, or an equivalent combination of education and experience.
- Advanced knowledge of FISMA, FedRAMP, HIPAA, PII, and the entire NIST Risk Management Framework, Rev. 5.
- Proven project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), required.
- Experience with on-premise and cloud environments.
- Experience with developing and managing plans of action and milestones (POA&M).

Preferred Qualifications:

- Experience with GDPR and CMMC.
- Experience with Tenable Nessus.
- Ability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.

Westat offers a well-rounded and comprehensive benefits program focused on wellness and work/life balance. Subject to plan requirements, employees may participate in: