Senior Information Security Officer
This role is responsible for the overall security program development and implementation for the organization; through the selection of the appropriate security framework in alignment with the organizational strategy coupled with a pragmatic risk based approach to implement the security controls; continually adapt the security program and influence the strategic direction to maintain an acceptable risk level for the organization. This role serves as the key leader on information security for the organization and works closely with the enterprise risk management group. The director is responsible for growing and sustaining a security group.
The Senior Information Security Officer is tasked with anticipating new threats and actively working to prevent them from occurring. The role must work with other executives across different departments to ensure that security systems are working smoothly to reduce the organization's operational risks in the face of a security attack.
The Senior Information Security Officer's duties may include conducting employee security awareness training, developing secure business and communication practices, identifying security objectives and metrics, choosing and purchasing security products from vendors, ensuring that the company is in regulatory compliance with the rules for relevant bodies, and enforcing adherence to security practices.
Other duties and responsibilities include ensuring the company's data privacy is secure, managing the Computer Security Incident Response Team and conducting electronic discovery and digital forensic investigations.
This is a full-time, exempt position working Monday through Friday with core hours from 8:00 am to 5:00 pm. The position will report to our Director of Enterprise IT.
- Set the vision and strategy for the security program then seek organizational agreement and commitment
- Build and sustain an effective security organization and a team to execute on the security program
- Create and maintain the required security policies, standards and procedures and bring about organizational governance to those policies
- Create and maintain an effective security awareness program for the organization
- Deploy and maintain the appropriate security controls in collaboration with our business and IT leaders using a risk based approach that is aligned with the organizational strategy and priorities
- Serve as the security subject matter expert for the internal organizational needs as well as needed for external entities
- Lead the organization through all required security audits (internal and external) to achieve the required compliance state
- Provide an ongoing measure of the security and compliance posture through KPIs and other metrics
- Through continued training, professional events, and networking, stay aware and tuned to the current and emerging threats to our industry and use security best practices necessary to defend against those threats
- Write or review security-related documents, such as incident reports, proposals, security standards, policies, and procedures in alignment with regulatory and organizational requirements
- Assist in disaster planning, disaster testing, and contingency planning
- Conduct, support, or assist in governmental or regulator reviews, internal corporate evaluations, audits, or assessments of the overall effectiveness of the facilities security processes
- Train BTS or other organization members in security rules and procedures
- Identify, investigate, or resolve security breaches
- Collect and analyze security data to determine security needs, security program goals, or program accomplishments
- Ensure IT systems and practices comply with security policies and regulations
- Communicate security status, updates, and actual or potential problems, using established protocols
- Prepare reports or make presentations on internal investigations, incidents, events, or violations of regulations, policies and procedures
- Analyze and evaluate security operations to identify risks or opportunities for improvement
- Operate within TASC's guidelines pursuant to the Employee Handbook and all Policies and Procedures
- Perform additional duties as assigned
- Knowledge and experience with one or more major security frameworks such as NIST (800-53, CSF, 800-171), HITRUST, ISO 27001, etc.
- Knowledge and experience with one or more security standards such as PCI, HIPAA
- Skilled in interacting with all the areas of the organization and negotiating the security requirements in alignment with the business needs and organizational priorities
- Experience in the management of the secure software development life cycle (sSDLC) and the application of security best practices and required controls
- Knowledge and understanding of all the elements of both traditional enterprise systems architecture as well as cloud based system deployments including commercial, FedRAMP and gov. cloud deployments
- Strong experience with security capabilities and controls (tools, processes, skills) needed to secure those systems
- Skilled in planning, prioritizing, and organizing work to lead from concept through implementation
- Bachelor's degree or higher from an accredited college, university, or vocational college with a degree in computer sciences or a related discipline
- Eight or more years of IT experience with five or more years of security experience
- Three or more years of leadership experience
- Certifications CISM or equivalent, CISSP a plus
- Working knowledge and experience with NIST, HITRUST, ISO 27001, HIPAA, PCI
- Ability to attain a public trust, fiduciary, government security clearance
Corporate Core Competencies:
- Adaptability - Adapts to change, is open to new ideas, takes on new responsibilities, handles pressure, and adjusts plans to meet changing needs
- Initiative - Deals with problems as they arise, focusing energy and resources on those situations until resolved; identifies new opportunities and takes action; takes on new responsibilities when needed
- Results Focus - Can be counted on to meet or exceed goals; pushes self and others for results; is a conscientious worker who can be relied upon to handle unforeseen obstacles
- Customer Focus - Meets internal and external customer expectations; delivers upon commitments; builds customer confidence; follows through on requests gaining trust and respect
- Ethics/Integrity - Is seen as a direct, truthful individual; adheres to appropriate core values at all times; acts in line with those values; rewards the right values and disapproves of others; practices what he/she preaches
TASC is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, gender identity, gender expression, pregnancy, national origin, citizenship status, disability, genetic characteristics, sexual orientation, marital status, domestic partner status, military status, protected veteran status, disability status or any other characteristic protected by law.
Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States. TASC participates in E-Verify.