Full-time
Branch Head, Chief Information Security Officer NF5 - US Department of the Navy - Quantico, VA

$130,000 - $150,000 a year
Part-time
Duties
Summary
Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.
Responsibilities
Serves as the Branch Head of the Enterprise Information Technology (IT) Security Office, Chief Information Security Officer (CISO), and Manager of Cybersecurity & Compliance. The position manages the implementation of the DISA Risk Management Framework (RMF), PCI Data Security Standard (PCI DSS) and FISMA compliance using National Institute of Standards and Technology (NIST) Standards through Assessment and Authorization (A&A) of all IT solutions, current, and future, within the MCCS worldwide environment. Ensures that reporting Marine Corps Command Control Computers & Communications (C4), PCI Security Standards Council (SSC) approved security companies including PCI DSS Reports on Compliance (ROC), Approved Scanning Vendor (ASV) Scan Reports, and PCI PA-DSS Reports of Validation (ROV) are accurate and timely. Manages staff to conduct cybersecurity (CY) audits to validate security risks mitigation and C4 and FISMA compliance. Ensures compliance with FISMA and Marine Corps compliance standards with Retail Business, Commercial Fitness, Food, Lodging, Business Support, Field Command, and IT Infrastructure systems. Ensures the development of validation protocols for all aspects of IT compliance acting as the internal auditing function for PCI, C4, and FISMA compliance. Conducts high-level presentations and briefings as required. Ensures that key artifacts for security compliance management are produced in a quality way and that they are available for audit and submission according to required timelines. Ensures that project teams engaged in maintenance and enhancement of production systems and new application development are educated in compliance policies and procedures and that the approach for systems development encompasses Security and Compliance standards throughout the organization. Performs the role of Information Systems Security Manager (ISSM) IAW HQMC C4 policy and procedures. 
Develops and maintains the security program that identifies architecture, requirements, objectives and policies, personnel, processes, and procedures as they relate to NIST and Marine Corps standards. Provides security oversight for MR and subordinate commands to include coordinating MR security measures, ensuring that section staff conduct analysis, periodic testing, evaluation, verification, accreditation, and review of information system installations at appropriate classification levels. As an ISSM, ensures that information ownership responsibilities are established for each information system to include accountability, access approvals, and special handling requirements. Ensures that development, review, endorsement, and maintenance of security compliance documentation is accomplished. Maintains the appropriate level of personal training and certification required in accordance with DoD 8570. Creates, maintains and delivers cybersecurity training for MR and MF organizations. Ensures security governance across the MCCS enterprise. Brings security to the forefront in MCCS business and family services environment. Conforms to governance program including Configuration Management, Change Management, Incident Management, Event Management, Product Management and Built-In Security. Performs security compliance efforts IAW the PCI, FISMA, NIST SP 800 series, FIPS series, DOD 8570 series and USMC related policies and procedures. Liaises with designated HQMC C4 office staffs responsible for system CY and IT Portfolio management to ensure currency with compliance matters. Manages full time and contractor security personnel. Sets a high standard for collaboration within the team and across teams. Uses interpersonal skills to communicate clearly so that non-security experts can understand the importance of security and their roles in achieving and maintaining a secure enterprise. Motivates others through positive feedback and reinforcement. 
Ensures that team members all feel that they actively contribute to the success of the entire group. Promotes and demonstrates a flexible, “whatever it takes” attitude that allows the business to achieve its security goals. Provides overall direction to all members of the Security & Compliance team regarding goals and objectives as well as specific associate performance. Maximizes the contribution of associates by appropriate task assignments and works to enhance the individual’s potential through training, performance monitoring, mentoring and feedback. Plans, develops, manages Cybersecurity budget. Monitors expenses and project work on cybersecurity projects. Leads by example with an emphasis on courtesy. Takes action to solve problems quickly. Alerts the higher level supervisor, or proper point of contact for help when problems arise. Ensures minimal loss of duty by complying with “Return to Work” program initiatives, and following up on employee well-being. Occasional travel to complete work assignments, conduct training or attend conferences and meetings. Performs other related duties as assigned.
Travel Required: 25% or less - Varies
Supervisory status: Yes
Promotion Potential: NA
Job family (Series): 2210 Information Technology Management
Similar jobs:
Chief Technology Officers
Enterprise Data Manager
Information Systems Managers
Information Technology Project Managers
Managers, Information Systems
Officers, Chief Technology
Requirements
Conditions of Employment: See Duties and Qualifications
EVALUATIONS:
Qualifications
Bachelor's degree in Information Technology or Business related field appropriate to the work of position AND five years of experience managing hands-on security assessment, quality assurance, PCI DSS or cybersecurity (CY); OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above; OR appropriate experience that demonstrates that the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above. At least 5 years of progressive experience managing technical and/or compliance teams with proven results achieving project and compliance goals in a timely fashion. Certification as an Information Systems Security Professional (CISSP) is required or equivalent level education and appropriate experience with DoD system security and information assurance (IA) policy and procedures.
Greater than five years’ experience managing all aspects of Information Assurance / Cyber Security, Information Security, and Network Security Programs for the USN and USMC; DIACAP, network defense, risk and compliance assessment, remediation, and mitigation; system and network engineering, administration, and security; physical security; forensic investigations; vulnerability scanning, analysis, remediation, and reporting; incident handling and response.
Experience with:
Vulnerability Assessments, Analysis, and Reporting
Security assessment tools
Microsoft Excel, Microsoft Project, Microsoft Visio
Written and verbal communication to all levels of the organization
Mastery of the principles, methods, or tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring and inspecting costs, work, and contractor performance
Information security review, analysis, and evaluation methods, tools and techniques
Multiple Vulnerability Assessment tools – Examples: Tenable/ACAS, Qualys, Retina, Rapid 7, Tanium, and ForeScout
Malware and Virus prevention, detection, and remediation
Policy, Procedure, and Guideline development
Risk Management Framework (RMF) phases, activities, tools, and resources
SharePoint technologies – Microsoft Office SharePoint Services (MOSS) 2007/2010/2013
Extensive experience in developing plans and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting accomplishments and deficiencies
Comprehensive technical and management reports on trends, issues, and potential problem areas in configuration management, architecture, and network security standards on existing or proposed interfaces with other computerized systems
Evaluating the security infrastructure for enterprise merchants or service providers
Managing IT projects for system assessment and authorization
Documenting security compliance related correspondence required by governing authorities and documenting instructions, guidance, and procedures to specified audiences
Managing projects to deliver infrastructure security solutions for a business enterprise
Measuring and reporting project performance and supporting project administration, logistics and operations to include analysis of project indicators and performance reporting
Familiarity with the DoD Risk Management Framework (RMF) Process, Marine Corps Assessment and Authorization Process (MCAAP) ECSM-018 preferred.
Broad Knowledge of:
Networking
System Administration – Windows and Unix/Linux platforms
Database Administration
Application Development
PCI Requirements and the financial industry and the lifecycle of payment card transactions
System Administration Tools – Active Directory, Microsoft System Center Configuration Manager (SCCM)
Project Management
Vulnerability and Patch Management
USN or USMC Certification and Accreditation tools – eMASS and MCCAST
Asset/Inventory Management
Incident Response
DoD 8500.01 and DoD 8510.01
National Institute of Technology Standards (NIST) publications, specifically, the NIST 800 Series of Special Publications, Federal Information Processing Standards (FIPS), FedRAMP, NIST 800-171, and the NIST Cybersecurity Framework.
As an authorized and privileged user of Department of Defense Information Systems must possess or receive Information Assurance awareness by completing the Security+ Certification as a condition of access within six months of employment, and thereafter must complete annual Information Assurance awareness training. Must be able to obtain a Secret (Tier 3) security clearance and must be able to maintain the required level of clearance while employed in the subject position.
Education
Additional information
GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race, age, color, religion, national origin, gender, GINA, political affiliation, membership or non-membership in an employee organization, marital status, physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. The decision on granting reasonable accommodation will be on a case-by-case basis. It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review: https://www.donhr.navy.mil/NoFearAct.asp. As part of the employment process, Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report. Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition, the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence, or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760, Qualification to Possess Firearms or Ammunition, before a final job offer can be made.
Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS.
Required Documents: Education/certification certificate(s), if applicable. If prior military, DD214 Member Copy
This activity is a Drug-free workplace. The use of illegal drugs by NAF employees, whether on or off duty, cannot and will not be tolerated. Federal employees have a right to a safe and secure workplace, and Marines, sailors, and their family members have a right to a reliable and productive Federal workforce.
Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (may be obtained from the MCCS Human Resources Office) and present ID card with "TA" stamped in red on front of card.
INDIVIDUALS SELECTED FROM THIS ANNOUNCEMENT MAY BE CHANGED TO PART-TIME OR FULL-TIME AT MANAGEMENT'S DISCRETION WITHOUT FURTHER COMPETITION.
ALL ONLINE APPLICATIONS MUST BE RECEIVED BY 1159PM EASTERN STANDARD TIME (EST) ON THE CLOSING DATE LISTED IN THE JOB POSTING.
How You Will Be Evaluated
You will be evaluated for this job based on how well you meet the qualifications above. Your application/resume and supporting documentation will be used to determine whether you meet the job qualifications listed on this announcement. This vacancy will be filled by the best qualified applicant as determined by the selecting official.
Background checks and security clearance
Security clearance: Not Applicable
Drug test required: No
Required Documents
Varies - Review "OTHER INFORMATION"
If you are relying on your education to meet qualification requirements: Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education. Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.
Benefits
A career with the U.S. Government provides employees with a comprehensive benefits package. As a federal employee, you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Learn more about federal benefits.
The Federal government offers a number of exceptional benefits to its employees. Benefits you get to enjoy while working at MCCS include but are not limited to:
Stability of Federal Civilian Service
People with passion for doing work that matters
Quality of Work Life Balance
Competitive Pay
Comprehensive Benefit Packages
Marine Corps Exchange and Base Facility Privileges
Review our benefits
Eligibility for benefits depends on the type of position you hold and whether your position is full-time, part-time, or intermittent. Contact the hiring agency for more information on the specific benefits offered.
