Supervisory Information Technology

Description:

DUTIES:

• Oversees the cybersecurity program for the IT Division within the Sentinel Systems Directorate:Including managing info security implications within the program to include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources.
• Cyber Policy and Strategy Planner: Develops cyberspace plans, strategy, and policy to support and align with organizational cyberspace missions and initiatives.
• Vulnerability Assessment Analyst: Performs assessments of systems and networks within the Network Enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.
• Cyber Defense Analyst: Uses data collected from a variety of cyber defense tools (e.g., Intrusion Detection System alerts, firewalls, network traffic logs, etc.) to analyze events that occur within their environments for the purposes of mitigating threats.
• Leads a diverse team of cybersecurity subject matter experts in developing and managing a portfolio of Authority to Operate (ATO) packages; implementing the Risk Management Framework (RMF); reviewing Bodies of Evidence (BOE) and identifying/suggestion mitigations efforts for cybersecurity vulnerabilities.

• Develops and maintains business, systems, and information processes to support enterprise mission needs; translates technology and environmental conditions (i.e., law and regulation) into IT rules and requirements that describe baseline and target architectures.
• Develops cyberspace plans, strategies, and policies to support and align with organizational cyberspace missions and initiatives.
• Conducts threat and vulnerability assessments and determines deviations from acceptable configurations or policies. Assesses the level of risk and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

• Coordinates with Authorizing Officials to ensure ATO is obtained and maintained while ensuring risks are mitigated to include issues associates with Cross Domain Solutions (CDS), Interconnection Security Agreements (ISA), Foreign Ownership Control or Influence (FOCI), and Security Impact Analysis (SIA).
• Advises IT Division leadership on all cybersecurity activities to include cost, schedule, and performance impacts of accreditation timeline.
• Serves as consultant and technical expert to junior technical staff and program managers, senior subject matter specialists and/or agency officials on information systems security.
• Develops and presents technical briefings and reports to senior leaders for technical cyber topics as directed.
• Engages with geographically dispersed stakeholders to ensure Sentinel cybersecurity activities are successfully planned, coordinated, and executed.

• Ensures the consistent application of policies and standards across all technology projects, systems, and services.
• Develops and enhances an information security management framework.

SKILLS :

• At least 10+ years of relevant experience with day-to-day operations of a cybersecurity program is typically required.
• Comprehensive understanding of the Department of Defense RMF (with implementation of multiple cyber control features) is required.
• Experience in conducting and/or evaluating penetration testing, vulnerability and risk assessments, security policy development, and risk mitigation procedures is preferred.
• Experience in Cloud computing/Elastic computing and network architecture across virtualized environments is desirable.
• Strong background in Digital Engineering (DE), Model Based Systems Engineering (MBSE), and cyber accreditation processes/procedures is highly valued.
• Knowledge of common cybersecurity policies such as National Institute of Standards and Technology (NIST), Federal Information Processing Standards (FIPS), Committee on National Security Systems (CNSS), and Department of Defense (DOD) cybersecurity standards and regulations is required.

• Strong leadership, innovative thinking, employee mentorship, teamwork, and excellent communication skills to effectively interface with internal and external stakeholders at all levels as well as the independence, assertiveness, self-reliance, with a high level of personal integrity to get the job done is desirable.
• Experience developing, implementing, and monitoring a strategic, comprehensive enterprise information security, IT risk management programs, and risk assessments is desired.
• Knowledge of or experience in software development using Scaled AGILE or other best in class development practices is valued.