What are the responsibilities and job description for the Manager, Cyber Security Programs position at SES Space & Defense?
Manager, Cyber Security Programs
Hybrid from Reston, VA
Summary:
SES Space and Defense is looking for a Manager, Cyber Security Programs as part of its growing Cyber Organization that focuses on Program Cyber Security. The ideal candidate will have a deep understanding of cybersecurity principles, especially in the areas of RMF and the NIST family of standards.
Primary Responsibilities:
- Design, integrate, implement, and promote security features, products, and procedures to ensure operational system certification and authorization. Assess and mitigate system vulnerabilities. In addition, the Cyber Security Manager also acts as the Subject Matter Expert (SME) for new cybersecurity efforts and activities for the organization
- Ensure system compliance within the Risk Management Framework (RMF) and associated policy, procedures, and guidelines
- Provide hands-on cybersecurity expert support, guidance, and quality assurance for projects/programs and for team members
- Must serve as Subject Matter Expert (SME) on system certifications and authorization matters
- Provide review of customer required security plans to include Concept of Operations (CONOPS), Operations Security (OPSEC), standard practices, and procedures
- Interfacing with Program Management ensuring compliance with established program security plans and customer directives
- Review, prepare, and update Authority to Operate (ATO) packages in accordance with NIST Risk Management Framework (RMF) and customer policy, procedures, and guidelines
- Identify and communicate changes that might affect Information System (IS) security authorization status
- Performing self-inspections and investigations as required by government regulations
- Participating in customer audits and inspections
- Analyzing, interpreting, and verifying disaster recovery/contingency plans assuring the rapid recovery in the event of an emergency or disaster
- Manage the vulnerability and patching program, providing weekly status updates to the managing organization
- Developing, revising, and maintaining Plan of Action and Milestones documentation (POA&Ms)
- Participate in the aligning and coordinating of patching and hardening efforts to complement schedules as necessary
- Developing, revising, and maintaining continuous monitoring plans – schedule frequency and manning
- As member of the Change Control Board (CCB), approve change and configuration requirements in a timely manner
- Developing, revising, and maintaining all system information security related policies and procedures
- Preparing internal and external customer reports in a timely manner
- Update job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
- Collaborate and support cross-functional engineering team
- Support the hardening of critical infrastructure, site visit and validations (NOCs/SACs)
Qualifications Requirements and Preferences:
- Must have one, or more, of the following DoD 8570.01-M required certifications: CISSP, CISM, CASP, or GSLC, SANS CEH, GIAC, etc
- Bachelor’s (BS) Degree in Computer Science or related field required
- 8 years of closely related experience/expertise in Information Assurance/Cybersecurity Systems Management; Vulnerability Analysis, Mitigation and Management; Systems Auditing, Information Systems or Engineering Management; and/or Security Test & Evaluation
- Must be a U.S. citizen with the ability to obtain a minimum TOP SECRET (TS) clearance; TS/SCI desirable. Existing clearance is preferred
- Experience conducting Information System vulnerability scanning (familiarity with Tenable NESSUS and SCTM, SCAP, and eMASS required)
- Military Satellite Communications experience preferred
- Experience as an ISSO and ISSM
- Must have the ability to work in a dynamic environment and effectively interact with numerous DoD, military/civilian personnel, and industry partners
- Ability to work independently as well as cooperatively in a team-oriented environment
- Ability to communicate effectively, both orally and in writing, with other IT professionals and end-users, and to present briefings to executive staff