IT Director of Cybersecurity & Privacy

Overview

On Site
Hybrid
$160,000 - $190,000
Full Time

Skills

cybersecurity lead
director of cybersecurity
cyber director
cissp
cisco information systems security professional
cyber security program manager
cybersecurity program manager
information assurance project manager
information assuranc
systems security director
federal pmo

Job Details

Supervisory IT (Director, Cybersecurity and Privacy) 

Location: Kings Point, NY

 

Position Summary

The Director of Cybersecurity and Privacy supports the United States Merchant Marine Academy (USMMA) in Kings Point, NY. The United States Merchant Marine Academy is a federal service academy that educates and graduates leaders of exemplary character who are committed to serve the national security, marine transportation, and economic needs of the United States as licensed Merchant Marine Officers and commissioned officers in the Armed Forces. This position assists in planning and implementing the Cyber Security program for all OST offices and locations.

 

Essential Functions

  • Performs a wide range of duties relating to Information Systems Security to ensure the confidentiality, integrity and availability of Information Technology Systems and applications and the information they process, generate, and contain.
  • Provides authoritative guidance and recommendations on IT operations and cyber security to the OST Information Systems Security Manager (ISSM) and those supporting the OST Cyber Security Program.
  • Develops short-term maintenance actions and long-range plans to optimize cybersecurity solutions to protect OST's data and IT infrastructure in a manner that anticipates, identifies, evaluates, mitigates, and minimizes the risks associated with IT network, system, application, and other resource vulnerabilities.
  • IT Security Compliance and Coordination: Ensures OST Information Systems and Applications comply with applicable statutory, Federal, and DOT policies, standards, and practices relating to IT security. To accomplish this, coordination with technical staff, OST management, system owners, and Departmental representatives is required. Additionally, establishes vulnerability reporting criteria, which include vulnerability remediation requirements, and oversees and monitors a vulnerability identification and remediation program.
  • IT Security Assurance: Initiates, directs, and participates in security reviews, risk assessments, and continuous monitoring activities. Recommends corrective action on identified security exposures and ensures implementation of corrective action as appropriate.

  • Alternate ISSM: Serves as the Alternate OST Information Systems Security Manager (ISSM) when the ISSM is unavailable and performs ISSM operational tasks as assigned by the OST ISSM.

  • Security Assessment and Authorization: Develops, implements, oversees, and monitors a program of security assessment and authorization of all OST critical/non-critical systems/applications and infrastructure. Ensures that information and IT security controls are implemented and assessed in accordance with NIST and DOT/OST Security Assessment and Continuous Monitoring requirements.
  • Security Weakness Management: Oversees a security assessment and continuous monitoring program that complies with NIST, DOT and OST policy and guidance. Ensures that plans of actions and milestones (POAMs) are accurately identified, development and resolution of a timeline meets the system owner's expectations, and POAMs are entered into the CSAM tool in a timely manner.

 

Preferred Experience

  • Expert knowledge of cyber-security principles, methods, and tools and ability to manage programs and/or projects, and ability to plan, organize, and direct work.
  • Senior level knowledge of available technical solutions that support the IT security program, such as encryption products, anti-virus products, Virtual Private Networks (VPNs) or Secure Remote Access (SRA), and firewalls that can be recommended by the incumbent to strengthen the security posture of OST IT systems and applications.
  • Senior level knowledge of sources of threat information available in the industry, such as SANS, Security Focus, CERT, Federal Computer Incident Reporting Center (FedCIRC), and National Infrastructure Protection Center (NIPC); understanding of technical security architecture standards, such as identification/authentication tools and encryption solutions.
  • Senior level ability to interpret federal security guidelines in relation to agency needs and to develop and recommend implementation of specific agency guidelines and standards for IT security.

 

Please apply through the job posting if you are interested in this opportunity.