Leidos has a career opening for a Chief Information Security Officer (CISO) located in Reston, VA.
In this role, you will proactively work with the enterprise to implement policies and practices that meet defined standards for information security and will oversee a variety of IT-related risk management activities. You will work with the IT VP of Architecture and Engineering to develop the Enterprise Information Protection architecture and work closely with the IT VP Strategy & Integration on compliance-related items in the Enterprise.
You will have responsibility for firewall and security architecture and operations. You will work closely with the Chief Privacy Officer and Chief Security Officer to ensure compliance and business-impact-analysis continuity across the enterprise.
Furthermore, you will be responsible for budget, schedule and execution of the Corporate Information Security set of services and will set a vision for how internal protections will mature over time. You will also support the needs of the direct business through liaison and information sharing with key customers and the Defense Industrial Base community.
- Develop and implement Leidos business impact analysis, response plans and continuity plans to ensure service is continuous when a change program is introduced or a security breach occurs or in the event that the disaster recovery plan needs to be triggered
- Develop and enhance an information security management framework based on the International Organization for Standardization (ISO) 27001 and National Institute of Standards and Technology (NIST) standards to integrate and normalize the wide variety and ever-changing requirements resulting from laws, standards and regulations.
- Develop, maintain, and publish up-to-date information security policies, standards and guidelines. Oversee the implementation and training of these security policies and practices.
- Develop the metrics and reporting framework to provide status of the information security program to enterprise risk teams, senior business leaders, and the board of directors as part of a strategic enterprise risk management program.
- Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of a Cybersecurity Leadership Council.
- Monitor the external threat environment for emerging threats, advise relevant stakeholders, and coordinate with external agencies, such as law enforcement and other advisory bodies, to ensure that the organization maintains a strong security posture.
- Participate in the DIB (defense industrial base) Pilot Program with certain government agencies on rapid data sharing and incident reporting.
- Provide strategic risk guidance for IT projects including the evaluation and recommendation of technical controls.
- Close collaboration and coordination with the Line Organizations on developing growth strategies and industry best practices.
- Bachelor’s degree and minimum 15 years of related experience in information protection, cybersecurity, risk management, and IT with at least four of those years in a management role.
- Must demonstrate knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT and NIST and an understanding of relevant legal and regulatory requirements such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.
- Demonstrated knowledge of information security technologies.
- Experience using project management lifecycles
- Must be able to write and verbally communicate information security and risk-related concepts effectively to both technical and nontechnical audiences.
- Must have strong problem-solving and analytical skills and demonstrate poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Strong interpersonal and networking skills.
- Ability to obtain/maintain a Secret security clearance.
- Advanced Degree in a related technical field.
- Information security experience as a DoD and/or Intelligence Community employee or contractor.
- Experience with Hybrid Cloud-based information protection.
- Demonstrated use of analysis, design, development, and implementation of technical solutions.
- Support a full-time work location in the National Capital Region.
- Have experience interacting with a Corporate Board of Directors on Cyber Security
- Top Secret security clearance desired.