Full-Time Deputy Chief Information Security Officer
Job Description
Position Description
As the deputy CISO, you will work alongside the CISO and C-suite, product managers, cyber security teams, and IT managers to effectively monitor and maintain the security of the organization’s applications, databases, computers, and websites. You will work directly for the CISO with responsibilities including developing, implementing, and enforcing security policies to protect critical data and systems.
Responsibilities
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
- Work directly with the Kessel Run product lines to facilitate risk assessment and risk management processes
- Develop and enhance an information security management framework
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
- Provide leadership to the enterprise’s information security organization
- Partner with business stakeholders across the DoD to raise awareness of risk management concerns
- Assist with the overall technology planning, providing a current knowledge and future vision of technology and systems
Who We Are
Kessel Run is an Air Force System Program Office for several Programs of Record that continuously delivers war-winning software that our Airmen love.
We are an Agile Delivery Organization.
We sustain the existing Air Operations Center baseline while simultaneously building a scalable software factory to architect, manufacture and operate intuitively designed Wing and Operational level Command and Control systems to function effectively in highly contested environments.
We are offering the opportunity to work in a modern work environment, to use cutting-edge technologies and modern processes, all while making a meaningful impact every single day. Come help us solve our nation’s toughest, most complex challenges while enjoying yourself at work every day.
Who You Are
- You have significant background in one or more of the following areas:
  - Modern implementation of DoD Acquisitions
  - Program Management for an agile software organization
  - DevSecOps / Software Engineering Management
  - Cloud Security
  - Application Security and Infrastructure Assessment
- DoD Civilian or Military experience, a plus
- You have at least 10 years of cyber security experience in the DoD and are familiar with the RMF ATO process, DoD 8570, and NIST Cyber Security Framework.
- You have a DoD 8570 IAM Level III certification such as CISSP or CISM or will be able to attain one within 6 months of being hired (see more information here).
- You have worked in an agile environment and are familiar with DevSecOps.
- You have a strong background in networking and infrastructure.
- You have experience partnering with engineers, security, and developers to analyze risk and make decisions impacting the security & operations of the unit.
- You understand the AWS GovCloud environment and cloud security.
- You have experience with writing security/policy documents and enforcing them.
- You have experience briefing senior leadership such as the Authorization Official (AO), Commander, Chief Technology Officer, and Chief Information Security Officer on relevant threats to the unit and mitigations taken.
- You excel at facilitating meetings, communicating with internal and external stakeholders, and adapting your communication style to your audience.
- You understand the Department of Defense and have experience in working with Command and Control (C2), cyber security, or other related mission systems OR you have demonstrated experience quickly ramping up in a new and highly complex and political domain
- You have strong leadership and management skills with a diverse workforce
- You enjoy and seek out opportunities to mentor, coach and grow
- You are a cultural change agent. You believe that culture is the most important tenet to achieving product success
- You have top-quality written and verbal communication skills (e.g., capable of public speaking, changing your messaging based on the audience)
- Experience with contract and vendor negotiations and management including managed services.
- You have a growth mindset and love working in a fast-paced agile environment.
- You are comfortable traveling to meet users and stakeholders and can represent both the team and Kessel Run during work trips.
- You are a U.S. citizen and are eligible to obtain a U.S. Security Clearance (see eligibility requirements here). A Top Secret security clearance with SCI eligibility is preferred.
Qualifications
Minimum Education – Bachelor’s degree with concentration in Cybersecurity, Computer Science, Computer Engineering or Information Technology preferred.
Preferred Education – Master’s Degree in Computer Science, Cybersecurity or other related field.
Certifications – One or more of the following or the ability to obtain within 12 months of hire:
- Certified Reverse Engineering Analyst (CREA)
- Certified Penetration Tester (CPT)
- Certified Computer Forensics Examiner (CCFE)
- Certified Computer Examiner (CCE)
- Cisco Certified Network Associate (CCNA)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- Certified Computer Security Incident Handler (CERT CSIH)
- Certified Incident Handler (E/CIH)
- Certified Reid Investigator
- Certified Protection Professional (CPP)
This is a Federal civilian service position within the United States Air Force. We are hiring at the equivalent of a GS-14 up to GS-15 level for this position. This means you can expect a base salary of $99,908 to $152,771 multiplied by your locality rate, based on your experience. You can find your locality definition here and see the pay tables for the GS scale here. Our headquarters is located in Boston, MA; for a Boston-based employee, this would translate to a range from $130,929 to $183,500.
We also provide paid time off, health, and retirement benefits. There are advancement opportunities to promote to more senior levels after hiring.
We understand that there is no such thing as the ideal candidate for any job and we believe in empowering people to learn and grow throughout their careers. We encourage any applicant who is interested in making an impact in the Department of Defense to apply to this position regardless of background and qualifications.
How to Apply
Apply through the Kessel Run Website: https://grnh.se/fb3048143us