Senior Information Security Specialist
Modoc Tribal Enterprises Authority
- Reston, VA
- Permanent
- Full-time
- Develops and implements IT security policies, architectures, and standard operating procedures with a strategic perspective.
- Implements the standard methodologies used in the RMF process and serves as the organizational SME for NIST guidelines and industry best practices for: risk assessment and management, vulnerability assessment, contingency planning, disaster recovery, configuration management, security assessments, and development of mitigation plans.
- Conducts security assessments and develops all deliverables within a system authorization package.
- Implements, evaluates, and documents all technical, management, and operational security controls.
- Provides multi-disciplinary administrative and technical security support to the organization.
- Provides recommendations to organizational stakeholders for the integration of security processes and compliance with Federal regulations and Departmental policy.
- Directs security efforts to increase efficiency and enforce a global security mindset.
- Provides strategic guidance for the further development of the security program.
- Develops policies and procedures supporting regulations, directives, and Departmental policy.
- Assists senior management with establishing a plan of action for the remediation of weaknesses.
- Provides direct information assurance guidance pertaining to the development and modification of information systems and industrial control systems.
- Provides strategic insight and continuous support for the integration of the system development life cycle.
- Provides recommendations concerning new and existing projects and assists project managers with security oversight.
- Coordinates with representatives and SMEs from other Federal Agencies and commercial organizations to maintain awareness of upcoming changes to regulations and technologies.
- Develops Risk Assessments in accordance with NIST guidance and delivers risk analysis and guidance as needed to organizational leadership.
- Current US Gov't Medium Background Investigation (MBI) security clearance, or the ability to obtain one
- 6 years minimum experience in conducting security assessments and developing all deliverables within a system authorization package
- Current ISC2 Certified Information Systems Security Professional (CISSP) or better
- Extensive knowledge of and practical experience with implementing standard methodologies used in the Risk Management Framework (RMF) process.
- Expert-level knowledge and experience with National Institute of Standards and Technology (NIST) guidelines and industry best practices for: Risk Assessment and Management, Vulnerability Analysis, Contingency Planning, Disaster Recovery, Configuration Management, Security Assessments and developing Mitigation Plans.
- Bachelor's degree or better in an IT-related field of study, or equivalent
- Excellent speaking, writing, and verbal communication skills
- Proficiency with Microsoft Office (Outlook, Word, PowerPoint, and especially Excel)
- Experience working directly with customers and stakeholders
- Ability to work with diverse individuals, including cross-functional teams
- Experience supporting National Park Service IT services and systems
- ITIL Foundation V3 or better
- Generous PTO Package
- 11 Paid Holidays
- Health Benefits Effective Immediately
- 401K and Immediate Company Matching
- Education Assistance
- Paid Parental Leave