Cybersecurity Program Manager

This is a working manager role. Ensures the organization meets our cybersecurity standards and objectives: this involves setting security requirements and baselines, evaluating design proposals and working with other technical leads (internal and external) to mitigate risk. In addition, it includes operational, program management, project management, and people management duties.

• Oversee and take an active role in security activities such as access control, incident management, incident response, forensics, threat hunting, and reporting


• Support the development, implementation, monitoring, and communication of the cybersecurity program and related activities


• Work with key stakeholders across the organization to ensure that the cybersecurity program aligns with business objectives, mission, and values by developing comprehensive strategies and tactics


• Design, develop, and test cybersecurity features, as microservices and cross platform shareable components with high quality design


• Design, implement, and maintain cybersecurity policies and procedures such as data access controls, acceptable use of technology, password management, and incident reporting procedures


• Translate technical cybersecurity requirements into clear, actionable policies that employees can understand and follow


• Develop an enterprise cybersecurity training program


• Monitor and audit compliance of cybersecurity policies to identify gaps


• Review existing cybersecurity policies post security incidents to identify improvements


• Manage multi-functional team coordination, opportunity screening, benefit/cost analysis, vendor selection, schedule and budget oversight, management of consultants/contractors, issue resolution, training, and reporting


• Coordinate with internal and external legal, contracting, procurement, finance, and communications departments to ensure successful project rollout and streamline communications


• Present cybersecurity program status reports to IT senior management


• Perform review and validation of all deliverables for SOC, Incident Response (IR), Threat Intelligence, Threat Hunting, and other customer-assigned activities


• Provide metrics and artifacts supporting audit activities


• Perform cybersecurity activities, operations management, and project management


• Ensure project-defined deliverables are provided on time and have been quality reviewed (e.g., SOPs, Configuration Guides, Training Documentation, Project Schedules)


• Provide knowledge and expertise in government regulatory processes and documentation, including but not limited to Risk Management Approach (RMA), National Institute of Standards and Technology (NIST) standards, and policies and procedures


• Develop and update the cybersecurity policy for the organization's cloud computing environment


• Work with external stakeholders to understand operational needs and develop effective processes


• Maintain current understanding of industry trends, emerging cyber threats, and new solutions which may impact the environment


• Cultivate competencies in team members and self for enterprise and individual benefit


• Train, develop and coach direct reports
  
  

• BS or MA in computer science, information security, cybersecurity or a related field preferred


• Minimum seven (7)+ years' experience in a cybersecurity, IT audit or enterprise risk management (ERM) role


• Minimum five (5) years' experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800)


• Experiences required:
  
  
  
  • Program and project management
  
  
  • Cybersecurity strategy planning
  
  
  • Identifying and assessing risks to the organization's business
  
  
  • Crafting and executing Information Security initiatives, including capturing and redefining Requirements into impactful work items
  
  
  • Driving cross-functional initiatives according to plan and timelines
  
  
  • Cybersecurity technologies and systems, such as firewalls, intrusion detection systems, and security information and event management (SIEM) systems
  
  
  • Cybersecurity frameworks and standards (such as the NIST Cybersecurity Framework and ISO/IEC 27001)
  
  
  
  

• Preferred Experience: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)

• Provide feedback to direct reports and project teams as necessary


• Provide mentoring and coaching as applicable


• Coordinate tasks, schedules, projects, and promotes/adheres/enforces policies and procedures


• Leverage relationships with external suppliers and service providers