- 07-Mar-2023 to 01-May-2023 (HST)
- Native Hawaiian Veterans
- Arlington, VA, USA
- Full Time
Native Hawaiian Veterans, LLC (NHV) is a tribally-owned business; an Underutilized Disadvantaged Business Enterprise (UDBE); and Minority Business Enterprise (MBE) that provides services, solutions, and products in the areas of Homeland Security, Emergency Management, Information Technology, Communication Equipment, Professional Staff Augmentation, Munitions and Explosives of Concern (MEC) Remediation, and Strategic Communications/Creative Services.
Cayuse and our family of companies are 100% Indian Small Business Economic Enterprises (ISBEE) wholly owned by the Confederated Tribes of the Umatilla Indian Reservation (CTUIR). Specifically, within our Government Operations, we offer diverse business lines and workforce while providing solutions for federal, state, and local clients throughout the world. Cayuse's comprehensive program management, mission support, and technology solutions are ideally positioned to help our clients advance their goals.
This position will be responsible for assessing current Department policies and addressing gaps through development of an overall governance framework for a significant, business-critical portfolio of automated, cloud-based systems. The framework shall incorporate industry best practices such as FedRAMP, DoD Security Technical Implementation Guides (STIGs), CIS Benchmarks, Microsoft best practices and others. The position requires routine interfacing with development and business teams to create documentation and training; translate policy requirements into day-to-day operational requirements; ensure compliance with federal regulations; and optimize current Assessment and Authorization (A&A) processes to ensure rapid adoption across bureaus and other entities within the Department.
Leverage knowledge of U.S. federal government cyber mandates, directives, standards and industry best practices and threat intelligence in shaping Department policy.
Create or establish security standards/baselines for cloud-based platforms
Establish and maintain cybersecurity policy, process and/or standards in the contractual language of implementers and cloud service providers, to ensure security is built into product delivery.
Influence the CTO Architecture with security processes and standards, creating data access and compliance dashboards.
Understand and track data dependencies and encryption policies for data at rest, in transit and in use within applications, including data retention and privacy policies with regard to PII collection.
Establish CTO security processes and standards to enhance, automate and monitor security controls in accordance with established Department guidelines.
Establish a CTO security baseline across platforms.
Assess enterprise-wide cyber policy and federal policy, identify gaps for the development and operations of a broad, cloud-based business portfolio, and develop local policy and practices to fill identified gaps.
Evolve local policies and practices to reflect changes in technical cyber threats.
Assist in the definition and maintenance of cybersecurity policies and standards.
Identify key cybersecurity controls required based on an understanding of the agency's cybersecurity risks and business objectives, and considering key threats, client requirements, regulatory requirements, and technology trends.
Understand and interact with related disciplines through committees to consistently apply cybersecurity policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity management.
Work closely with the PM and other Stakeholders to ensure collaboration and alignment.
Work with Cybersecurity Risk Management and Cybersecurity Compliance team.
Develop and maintain relationships with compliance leaders in member firms.
Participate in the security policies and standards management working group.
Other duties as assigned.
Technical Skills: Knowledge, Skills and Abilities
Education / Experience
· Bachelor's degree in business administration, a technology-related field, or equivalent education-related experience.
· Minimum of ten (10) years combined experience in related work with Government IT Policy or Information Security / Cybersecurity domain with a focus on policies and/or cybersecurity governance and risk management.
Strong knowledge and understanding of information security legal and regulatory requirements.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework.
Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials. Knowledge of the Department's Foreign Affairs Manual and Foreign Affairs Handbook (FAM/FAH) is a plus.
Human Relationship Skills
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards, and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
Sound knowledge of business management and information/cybersecurity policies and standards.
Must be able to pass a background check and additional background checks as required by projects and/or clients at any time during employment.
Reports to: Program Manager
Normal physical conditions
General office environment
Must be able to sit for long periods of time looking at a computer screen.
May be asked to work a flexible schedule which may include holidays
May be asked to travel for business or professional development purposes
May be asked to work hours outside of normal business hours