Cyber Security Manager
Position Title: Cyber Security Manager
Job Category: Management
Business Line: Government
Country: United States of America
State/Province/Region: USA - Virginia
City: Washington D.C.
Why Choose AECOM?
AECOM is a premier, fully integrated professional and technical services firm positioned to design, build, finance and operate infrastructure assets around the world for public- and private-sector clients. With nearly 100,000 employees — including architects, engineers, designers, planners, scientists and management and construction services professionals — serving clients in over 150 countries around the world, AECOM is ranked as the #1 engineering design firm by revenue in Engineering News-Record magazine’s annual industry rankings, and has been recognized by Fortune magazine as a World’s Most Admired Company. The firm is a leader in all of the key markets that it serves, including transportation, facilities, environmental, energy, oil and gas, water, high-rise buildings and government. AECOM provides a blend of global reach, local knowledge, innovation and technical excellence in delivering customized and creative solutions that meet the needs of clients’ projects. A Fortune 500 firm, AECOM companies, including URS Corporation and Hunt Construction Group, have annual revenue of approximately $19 billion. More information on AECOM and its services can be found at www.aecom.com.
About the Business Line
AECOM works with national and local governments around the world to manage and support critical programs in the areas of defense, security and intelligence; energy and climate change; environmental cleanup and waste management; infrastructure development, protection and resilience; and international development. Our global operations and connected expertise enable us to provide cutting-edge, relevant and cost-effective solutions that help our clients safeguard and enrich society and the world we live in.
The Security Manager ensures that the Information Security programs comply with the Government’s Information Assurance (IA) security requirements, including the evaluation and resolution of new Information Assurance Vulnerability Alerts (IAVAs), successful Certification and Accreditation (C&A) process compliance, and the completion of IA reporting requirements. The Security Manager shall guide the production support team to assess the impact of each vulnerability through a risk assessment process as it is identified by the Government, develop and implement a patching plan, and document all findings in formal monthly reports. The Security Manager will support FTC compliance with FISMA. Among other things, this includes compliance with the NIST Information Security Publications and Standards (SP-800 series and FIPS), applicable DISA and Federal Trade Commission (FTC) Security Technical Implementation Guides (STIGs), and relevant Office of Management and Budget (OMB) directives and other federal guidance. The Security Manager will also support the FTC in the maintenance of the System Security Plan.
Risk Assessment must be an integral process within Information Security management. As no network can be completely secure, Risk Assessment is necessary to prioritize and allocate scarce resources. The Security Manager is required to complete Risk Assessment as an ongoing process of managing the FTC Infrastructure.
- STEM degree from accredited institution and 10-15+ years of experience
- Management experience
- Government systems experience
- Successful Certification and Accreditation experience
- Ability to lead contractor personnel to achieve effective scanning/patching/remediation efforts in compliance with FTC and contractual obligations
- In-depth experience with Tenable Security Center to execute and clearly define recommended remediation requirements to Team Leads
- Ability to harness reporting abilities of security tools such as Nessus, Shavlik and SCCM to assist Program Manager and Data Center lead in utilizing contractor resources to achieve patch compliance
- Collaborating with client to identify and remediate procedural and operational discrepancies impeding compliance with FISMA
- Experience in one of the following disciplines: Information Systems, Information Technology, Engineering, Management/Business Management, or Computer Science.
- Certified Information System Security Professional (CISSP)
- ITIL V3 Foundation Certification
- Demonstrated experience ensuring Information Security programs comply with IA security programs
- Demonstrated experience assessing, preventing, and correcting IA Security vulnerabilities
- Demonstrated experience creating program documentation detailing system security concepts, system risk assessments, tailored security plans, and vulnerability assessments
- Demonstrated experience reporting status and recommendations for improvements to Government managers
- Demonstrated experience leading teams performing VMware, Windows, Linux, Oracle, Cisco and database Information Assurance compliance/hardening and administration
- Implementation of STIG checklists and requirements on a server, appliance or system
AECOM is a place where you can put your innovative thinking and business skills into high gear and work alongside other highly intelligent and motivated people. It's a place where you can apply your skills to some of the world's most challenging, interesting, and meaningful projects worldwide. It's a place that values the diversity of our areas of practice and our people. It's what makes AECOM a great place to work and grow.
AECOM is an equal opportunity employer and Minorities, Females, Veterans, and Disabled persons are encouraged to apply. For further information, please view the EEO Is The Law poster at http://www.aecom.com/content/wp-content/uploads/2016/01/EEO-is-the-Law-poster-supplement.pdf.
NOTICE TO THIRD PARTY AGENCIES:
Please note that AECOM does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Recruitment Fee Agreement, AECOM will not consider or agree to payment of any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without a previously signed agreement, AECOM explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of AECOM.
Company Type: Public Company
Company Size: 10,001+