TCI has an immediate need for a Remote Information Security Manager of Operations. This is not a C2C opportunity. This is a long-term contract opportunity with probable extensions.
Note: This position requires US Citizenship.
SUMMARY
The Information Security Manager of Operations will be responsible for overseeing and managing the day-to-day activities related to information security, playing a crucial role in ensuring the confidentiality, integrity, and availability of systems and data. This position requires strong leadership skills, technical expertise, and a deep understanding of information security principles and best practices.
RESPONSIBILITIES
Security Operations Management
- Lead and managed the security operations team responsible for monitoring, detecting, and responding to security incidents.
- Develop and implement security policies, procedures, and standards to maintain a secure operating environment.
- Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security risks.
- Ensure compliance with relevant regulations, standards, and frameworks (e.g., GDPR, ISO 27001, NIST).
Incident Response and Management:
- Develop and maintain an incident response plan to mitigate security incidents effectively.
- Lead incident response activities, including containment, eradication, and recovery efforts.
- Coordinate with internal teams and external stakeholders to investigate security incidents and implement remediation measures.
Security Monitoring and Threat Intelligence:
- Oversee the implementation and management of security monitoring tools and technologies.
- Monitor security events and alerts to identify potential security threats and vulnerabilities.
- Stay informed about emerging threats and trends in cybersecurity through threat intelligence feeds and industry publications.
Security Awareness and Training:
- Develop and deliver security awareness training programs for employees to promote a culture of security awareness.
- Provide guidance and support to employees on security best practices and procedures.
Risk Management:
- Conduct risk assessments to identify and prioritize security risks to the organization.
- Develop risk mitigation strategies and controls to reduce the likelihood and impact of security incidents.
- Monitor and report on the effectiveness of risk mitigation efforts.
Vendor and Third-Party Risk Management:
- Evaluate the security posture of third-party vendors and service providers.
- Establish security requirements and standards for vendor contracts and agreements.
- Monitor and assess the security practices of vendors and third parties to ensure compliance with established standards.
REQUIREMENTS
- Minimum of 5 years of experience in information security, with at least two years in a management or leadership role.
- Bachelor's degree in computer science, Software Engineering, or a related field (equivalent professional experience may be considered for substitution for the required degree on an exception basis).
- One or more of the following certifications are a plus:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information System Auditor (CISA)
- Other relevant certifications preferred.
- Understanding information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), ISO 27001, COBIT NIST, and ITIL.
- Maintaining security, assessing and evaluating security, and doing security incident forensic work.
- Experience with Government agencies, particularly the Department of Defense (DoD), on information security matters. Experience with Government Classified systems and the associated security requirements.
- Proficiency in Microsoft Office Suite (Word, Excel, Outlook, etc.)
- Basic network security knowledge (general principles).
- Excellent documentation and communication skills.
- Ability to organize tasks into milestones and successfully execute to project completion.
- Can work independently with little direct supervision.
- General cyber-security understanding.
- Remote work allowed for candidates within CST or EST time zones.