Compusearch Software Systems, Inc., a software product and services company in Dulles, VA, seeks a Director of Security to lead the Compusearch Security Team, reporting to the Chief Financial Officer (CFO). For over 25 years, Compusearch has been providing Acquisition and Grant Management software products to Civilian, DoD, and Intel agencies in the Federal Government, and to the Federal contractor community. In addition, Compusearch has a growing hosting business for its software products.
Knowledge and Responsibilities:
The successful candidate will have broad knowledge of Cybersecurity and Information Assurance frameworks within the Federal Government and commercial security best practices. The candidate should be experienced in applying the NIST Risk Management Framework, NIST 800-53 controls guidance, and associated NIST Special Publications Series for Federal customers. Additionally, the candidate should have experience implementing cloud solutions under the FedRAMP Program. Knowledge of DoD Information Security directives and processes is a plus.
The successful candidate must also have strong analytical ability and be able to synthesize and apply commercial cyber and information security standards within a corporate risk management framework.
This position may also be asked to lead management and compliance efforts against the NISPOM DSS Industrial Security Program for cleared staff serving various government clients.
Since Compusearch is a small company, there is a fantastic opportunity to work in different areas of security and interface with various business units to drive compliance and supplement security capabilities within software products and hosting solutions. The position is challenging; responsibilities will vary and depend on your expertise and willingness to expand your horizons.
- For Compusearch Hosting Services, responsibilities are associated with security and compliance support for product hosting operations and may include:
  - preparing/managing teams to coordinate system audits performed by third parties
  - preparing/maintaining security documentation for hosted systems
  - working with the Compusearch Information Technology team to facilitate risk identification and system vulnerability mitigation or remediation for identified issues
  - working with Compusearch account managers on client security-related matters
  - actively using vulnerability scanning tools (such as Qualys, Secunia and Tenable Security Center) and centralized log repositories (such as logstash, ManageEngine and Splunk)
  - developing and implementing continuous monitoring strategies
  - developing operational efficiencies in compliance processes
- For Compusearch Corporate Security, tasks are associated with maturing the overall Compusearch Security Posture of corporate assets and assisting with business development efforts:
  - maintaining the corporate Security Awareness Training program
  - documenting and maintaining corporate security policy and procedures
  - coordinating application security scanning and other security initiatives
- For Business Development engagements:
  - answer and support RFI, RFP, and specialized customer inquiries during pre-sales engagements
  - assist with specific security recommendations as part of software product enhancement
  - ensure planning and direction for Security Team personnel to meet contractual compliance of Security / Information Assurance requirements in new contracts
- For DSS Industrial Security Program:
  - lead compliance efforts of Facilities Clearance and Personnel Clearance practices as specified under NISPOM Regulations
  - assist business and account leads to ensure cleared staff are available to maintain contractual requirements
Experience, Skills/Abilities, and Education:
- B.A. or B.S. in relevant field of study (Advanced degree preferred)
- CISSP, CRISC, CISM, CAP or similar certification(s)
- Minimum 10+ years of full-time security / information assurance experience in several of the areas identified
- Previous security management/leadership experience
- Candidate must be a U.S. Citizen and have or be eligible to obtain a DOD Top Secret Security Clearance
- Experience in meeting compliance activities for FISMA / FedRAMP environments
- Familiarity with one or more technical security areas (e.g., network security, Oracle DBMS security, secure OS configuration, secure application development)
- Familiarity with vulnerability scanning tools and results analysis
- Expert knowledge of cyber security principles
- Software development experience a plus (especially DevSecOps)
- Strong written and oral communication skills
Equal Opportunity Employer