Description
Leidos is seeking a Information System Security Officer (ISSO), Industrial Control Systems (ICS) to support the Cyber Security and Information Technology programs, reporting to the Information System Security Manager (ISSM) and IT Director.
Candidate must be able to obtain and maintain a DOE Q Clearance. This position is contingent upon clearance verification and program/customer concurrence.
Job Travel Requirement: Able and willing to travel onsite to the Portsmouth location for onsite ICS related requirements in Portsmouth.
Potential for Telework: Yes, preference is roughly 50% remote and 50% on-site, negotiable
Unleash Your Potential
At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customer’s success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business.
If this sounds like an environment where you can thrive, keep reading!
Join our team and discover a culture of collaboration, innovation, diversity, trust, caring management, communication transparency, work-life balance, and overall job satisfaction. Share your resume with us today!
Your greatest work is ahead!
Primary Responsibilities:
Support the Cyber Security and Information Technology programs, reporting to the Information System Security Manager (ISSM) and IT Director.
Operate as the Subject Matter Expert (SME) within the Information Assurance technical domain.
Ability to work independently and collaboratively with IT and Cyber professionals.
Develop, review, and oversee the implementation of security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security across the organization's information systems.
Maintain a deep understanding of relevant government regulations related to information system security and ensure organizational compliance with Department of Energy mandates. This includes keeping up to date with future modifications to these regulations.
Lead efforts in identifying, analyzing, and mitigating potential security risks in accordance with government regulations.
Attend, plan, coordinate, and conduct internal and external audits or assessments to ensure continued compliance with established security policies and regulations. Address any identified issues such as opportunities for improvement (OFIs) or non-conformities (NCs) in a timely and comprehensive manner.
Supervise the activities of Cyber Security Analysts and the Cyber Operations Group Lead. Offer guidance and support to ensure effective security measures are in place and are executed according to site policies and regulations.
Coordinate the response to any security incidents, working closely with the Cyber Security team to investigate, document, and report incidents, while also making recommendations for future risk mitigation.
Coordinate with relevant departments to develop and deliver information security training and awareness programs to ensure staff are aware of their responsibilities and can act in a manner that minimizes risk to the organization.
Regularly report to senior management about the status of the organization's security posture, regulatory compliance status, audit findings, and any other security-related issues and plans.
Regularly review and recommend improvements to the organization's security policies, processes, and practices based on changes in the threat landscape, technology landscape, or business requirements.
Evaluate the security controls of third-party vendors and manage the risk associated with third-party relationships. Ensure contractual security requirements are being met by vendors.
Accountabilities:
Communication Skills: The candidate should have demonstrated leadership qualities, strong verbal/written communication skills, communicate clearly at both one-on-one and group levels, communicate with team leaders, managers, and internal employees in the decision-making process to obtain needed information, make the most appropriate decisions, and ensure buy-in and understanding of resulting decisions.
Task Management Skills: The candidate is expected to proactively determine project or assignment requirements by breaking them down into tasks and identifying types of equipment, and materials needed. The candidate consistently and proactively identifies more critical and less critical activities and assignments and effectively adjusts priorities when appropriate.
Team Coordination Skills: The candidate is expected to set high expectations for oneself, and has the courage to raise the bar continuously. The candidate holds oneself and others accountable for continuous improvement and communicates expectations directly, openly, and effectively. The candidate conveys a sense of purpose and mission that motivates others, maintains direction, and balances big-picture concerns with day-to-day issues. The candidate guides others in creating relevant options for addressing problems/opportunities and achieving desired outcomes.
Base of Knowledge Skills: The candidate must have complete knowledge of verification, validation, certification, and qualification processes and procedures, including knowledge of current governing regulations and compliance requirements; advanced level of understanding and proficiency in the use of networking computing hardware and software applications; extensive knowledge of processes and tools needed to maintain, archive, and retrieve digital files; as it relates to cybersecurity, ability to read and understand contracts, Statements of Work.
Minimum Certifications, Education, and Experience:
Bachelor’s degree from an IT or Cyber related subject matter area from an accredited college or university, and four (4+) years of experience in an IT-related position with at least two (2) years being in an operational cyber security-specific role (e.g., information system security officer, cyber security analyst) or;
Associate’s degree from an IT or Cyber related subject matter area from an accredited college or university and six (6+) years of experience in an IT-related position with at least four (4) years being in an operational cyber security-specific role (e.g., information system security officer, cyber security analyst) or;
High School diploma/equivalent with at least eight (8) years of IT/Cyber experience.
Possess a Cyber centric certification such as a Security+, CISM, or CISSP.
Preferred Experience and Qualifications:
Experience or knowledge of U.S. Department of Energy (DOE) directives, or similar U.S. State or Federal departmental agency policies, and procedures pertaining to sensitive information, computing, cybersecurity, information technology, etc.
Experience with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4 or Revision 5
Demonstrated success in achieving project completion in a timely manner. This includes having effective project management skills and correctly assessing the time required to carry out given tasks.
Experience using Cyber Security relevant tools, systems, and applications to include but not limited to Governance Risk and Compliance (GRC) applications, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Application Allow or Deny-listing, and Vulnerability Management Solutions (VMS).
Possess a Cyber Security application or vendor-specific certification associated with any number of the types of relevant tools previously listed.
Possess an intermediate to expert level Cyber centric industry certification such as a CYSA+, CASP+, OSCP, GCIH, CISA, CISM, or CISSP.
Operating System experience to include a fundamental understanding of common security best practices or industry standard baselines such as those developed by the Center for Information Security (CIS) or the Defense Information Systems Agency (DISA).
Experience using Cyber Security relevant tools, systems, and applications to include but not limited to: Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP), Application Allow or Deny-listing, and Vulnerability Management Solutions (VMS).
Demonstrated knowledge of standard IT processes and tools that are used to maintain, archive, sanitize, and retrieve digital files.
Original Posting Date:
2024-11-18
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $81,250.00 - $146,875.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.