Serve as a security expert for the Delivery of Security services to a Aerospace and Defense Client.
Understands the controls based on the sector, such as National Institute for Standards and - Technology Cyber Security Framework. Payment Card Industry – Digital Security Standards (PCI-DSS), The Federal Risk and Authorization Management Program (FedRamp), North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standards, Defense Acquisition Federal Regulation Supplement (DFARS), Federal Information Security Management Act (FISMA), Sarbanes-Oxley (SOX), Gramm–Leach–Bliley Act (GLBA), NIST 800-171 - Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations
Assess public cloud service providers (IaaS, PaaS, & SaaS) for the client and industry standards compliance
Analyze and design controls to secure on and off premises private, public, community, and hybrid cloud environments
Coordinates the preparation of and prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters.
Analyzes business activities and operations for risk. Identifies areas of potential loss or damage and quantifies impact. Implements and evaluates compliance with business risk-reduction policies, processes and standards. May participate in the development and maintenance of disaster recovery and business continuity plans.
Understands and execute in the role of a security delivery manager for a 24X7 security operation.
Travel possible up to 25% of time.
Position of Trust security clearance preferred..
Per Federal requirements, U.S. Citizenship required and no Dual Citizenship can be accepted.
10+ years’ of information technology systems design and planning experience; in systems, applications, or architecture
10+ years’ of working in risk assessments, risk management, controls monitoring, controls audits.
10+ years’ experience working SecaaS, Cloud Security or Third Party / Cloud Security Assessments including AWS or Azure; Or 5 years experience in cloud security and 2+ years of experience securing cloud services
10+ years’ of policy, procedures, standards, work instructions, report generation and managing projects.
10+ years’ of managing teams of 20 or more resources in different locations
Industry recognized certification in security (e.g., CISSP, CISA, CISM, etc.)
5 years’ experience with Cloud Security vendors
5 years’ experience with security tools such as Splunk, Tenable SC, Carbon Black, FireEye, ForeScout, Tripwire
5 years’ experience in managing and setting up a SIEM
5 years’ experience Enterprise IT security risk assessments and related frameworks (e.g., ISO 27000 series, NIST 800 Series, COBIT, IT General Controls, etc.)
5 years’ experience: PCI, Sarbanes-Oxley, HIPAA, GLBA, FISMA, NIST
5 years’ experience with multiple, simultaneous vendor management
Technical (Bachelors of Science) Bachelor's Degree