Chickasaw Nation Industries

  • Cyber Security Policy Analyst SME - Lead

    Job Locations US-VA-Arlington
    Job ID
    2019-6821
    Category
    Information Technology
    Full-Time/Part-Time
    Full-Time
  • Overview

    The Cyber Security Policy Analyst Subject Matter Expert - Lead provides support to the Defense Security Cooperation Agency (DSCA), Information Technology (IT) Division. This position supports cybersecurity program compliance, strategic planning, program support/monitoring, controls performance measures, and supports the development of agency or company level policy documents.

     

    ACTIVE SECRET CLEARANCE IS REQUIRED

     

    ESSENTIAL DUTIES AND RESPONSIBILITIES

    Essential duties and responsibilities include the following.  Other duties may be assigned.

     

    Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge / quality of work, supporting financial goals of the company, initiative / motivation, cooperation / relationships, problem analysis / discretion, accomplishing goals through organization, positive oral / written communication skills, leadership abilities, commitment to Affirmative Action, reliability / dependability, flexibility and ownership / accountability of actions taken.

     

    Develops and maintains constant understanding of cybersecurity Business Objectives, DSCA OCIO cybersecurity priorities and stakeholder expectations to ensure alignment with deliverables.

     

    Establishes a cybersecurity metrics collection process and tool to manage performance data.

     

    Oversees the cybersecurity performance of subcontractors to manage performance measures.

     

    Support DSCA in evaluating performance measures and make recommendations on applicable incentives or disincentives.

     

    Maintains and performs ongoing reviews of the DSCA OCIO cybersecurity IT strategic plan.

     

    Supports the development of cybersecurity CONOPs and cybersecurity Standard Operating Procedures (SOPs).

     

    Supports the development of agency or company level policy documents.

     

    Tracks and measures the actual schedule, budget, and quality level compared to the plan.

     

    Reviews identified cybersecurity risks, mitigation and reassess contingency plans.

     

    Facilitates and conducts monthly, quarterly and contract review meetings to determine service performance.

     

    Builds a cybersecurity Project Plan that specifies the project's schedule, budget, and quality requirements.

     

    Establish baselines for cost, schedule and technical performance.

     

    Communicates with the DSCA OCIO stakeholders to provide status and quality reports, to discuss changes in requirements, and to coordinate with activities outside the cybersecurity project.

     

    Ensures transparency and interdependencies across task orders across DSCA.

    Manages communication with and among staff, stakeholders, and DSCA OCIO to ensure clear, concise information dissemination.

     

    Documents and shares lessons learned with DSCA cybersecurity and stakeholder/staff to enable continuous improvement.

     

    Responsible for aiding in own self-development by being available and receptive to any training made available by the company.

     

    Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.

     

    Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and coworkers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.

     

    EDUCATION/EXPERIENCE REQUIRED

    Bachelor's degree in a related field of study and a minimum of ten (10) years’ relevant experience, or equivalent combination of education / experience. Five (5) years’ experience in managing IT projects or programs focused on interpreting and applying DoD CS policy and guidance to operational DoD IT environments. Prior Security Operations Center experience a plus

     

    Demonstrated skills and experience in at least 8 of the following 15 areas of expertise:  

    (1) Current Microsoft server and workstation OS security configurations  

    (2) Current Red Hat Linux Enterprise OS security configurations  

    (3) Current Unix OS security configurations  

    (4) Current Microsoft server and desktop application security  

    (5) VMWare security  

    (6) Database security (e.g. Oracle, MS SQL, and MS Access) 

    (7) Border device security (e.g. firewall, VLANs, IP Sub-Netting, Ports, and Protocols)  

    (8) Encryption standards  

    (9) Vulnerability scanning using approved DoD scanner  

    (10) Application code scanning with Fortify or other industry standard product  

    (11) HBSS monitoring  

    (12) Auditing (e.g. system accounts, security logs, system and network anomalies)  

    (13) Working knowledge of DoD Components  

    (14) Metrics – capture and documentation  

    (15) Technical writing – technical documents and user training materials  

     

    CERTIFICATES / LICENSES / REGISTRATION

    Active IAM-II certification through one of the following certifications:

    Certified Authorization Professional - CAP

    CompTIA Advanced Security Practitioner – CASP+

    Certified Information Security Manager - CISM

    Certified Information Systems Security Professional - CISSP or CISSP Associate

    GIAC Security Leadership Certification - GSLC

    EC-Council’s Certified CISO program cert – CCISO

     

    ACTIVE SECRET CLEARANCE IS REQUIRED

     

    JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES

    Knowledge with the MS Office Suite applications of Outlook, Word, Access, PowerPoint and Excel to perform data evaluation, formulas, and analytics  

    Specialized knowledge and advanced skills in the policies, concepts, practices and procedures of security incident management, threat intelligence and continuous monitoring

    Knowledgeable of security-related processes with respect to Federal risk and compliance regulations best practices

    Ability to write reports based on findings for previous security breaches and threats

    Ability to read, analyze, develop and interpret common information systems security documents

    Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues

    Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management and federal staff)

    Exceptional customer service skills with ability to respond to requests in a professional, helpful and timely manner

    Highly organized with ability to effectively manage multiple projects and priorities

    Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities

    Ability to effectively work both independently and in a team environment for the successful achievement of goals

     

    LANGUAGE SKILLS

    Ability to read, analyze and interpret common scientific and technical journals, financial reports, and legal documents.  Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.

     

    MATHEMATICAL SKILLS

    Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference and volume. Ability to apply concepts of basic algebra and geometry.

     

    REASONING ABILITY

    Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

     

    PHYSICAL DEMANDS

    The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers printers and light traffic.

     

    *MON

     

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.