The selected candidate will participate in the development and delivery of innovative solutions to increasingly complex challenges built around a suite of cloud-based, centralized enterprise services for the IC in support of the National Intelligence Insider Threat and Counter Intelligence (CI) mission. The applicant must possess a proven track record of mentoring project teams in security and governance tasks throughout the entire life-cycle of an enterprise solution. The candidate will collaborate with both project teams and executive and technical leadership to embed a risk and security mindset in all areas and be able to provide continuous oversite as the project grows. Must be able to respond quickly to data calls, prepare presentations, briefings and be actively involved in leading client meetings and day-to-day project activities, including deliveries. Will engage with senior IC and other sponsors. Requires a strong practical security background, excellent communication skills, and customer service skills.
Required Skills and Experience:
- Experience working closely with leadership and other stakeholders to assess and implement the controls necessary to ensure the protection of the system and customer data.
- Proven ability to identify, assess, measure, monitor and report risk in accordance with existing Governance, Risk and Compliance programs.
- Able to serve as a technical security & governance representative, mentor and advisor for the project team.
- Able to participate as a member of the team to develop approaches to leverage Enterprise Audit as a Service capabilities and IC cloud with subscribers/users and participate in Discovery Meetings to collect, clarify and document security requirements.
- Experience with cloud based security and technologies, including AWS/C2S. Advise team on compliant implementation.
- Familiarity with smart data controls and standards. Provide compliance support to include the ability to obtain new COIs. Requires an understanding of the smart data infrastructures (CAMKey, TDF, etc.)
- Able to create and provide technical diagrams, instructions, and SOPs. Draft MOU/MOAs, SLAs and SPFs.
- Understanding of security monitoring and forensic analysis technologies. Familiarity with CI use cases to detect insider threat.
- Familiar with Security Event Managers (e.g. Splunk and/or ArcSight).
- Understanding of audit data and visualization systems.Understanding of audit data source (multiple), audit quality mitigation strategies, and audit representation formats and exposure to data modeling.
- Must be able to work in collaborative environment.
- Must be passionate about their work and be able to work as part of a leadership team with minimal supervision.
Desired Skills and Experience:
- CISSP certified
- Prior experience advising a team of IT professionals on large complex programs
- Experience with deployment, operations and management of complex distributed data systems.
- System administration and troubleshooting skills to assist with O&M planning and execution
- Experience in particular areas of IT (Cybersecurity, Information Systems Architecture, Implementation, System Development, Methodologies, Security Engineering, Communications and Network Systems Management
- Exposure to Windows and/or Linux System Administration