IT Director of Cybersecurity & Privacy

Overview

On Site
Hybrid
$160,000 - $190,000
Full Time

Skills

cybersecurity lead
director of cybersecurity
cyber director
cissp
cisco information systems security professional
cyber security program manager
cybersecurity program manager
information assurance project manager
information assuranc
systems security director
federal pmo

Job Details

Supervisory IT (Director, Cybersecurity and Privacy)

Location: Kings Point, NY

Position Summary

The Director of Cybersecurity and Privacy supports the United States Merchant Marine Academy (USMMA) in Kings Point, NY. The United States Merchant Marine Academy is a federal service academy that educates and graduates leaders of exemplary character who are committed to serve the national security, marine transportation, and economic needs of the United States as licensed Merchant Marine Officers and commissioned officers in the Armed Forces. This position assists in planning and implementing the Cyber Security program for the Dept of Transportation Office of the Chief Information Officer (OCIO). Specifically, the alternate ISSM ensures that applicable cybersecurity policies are implemented for information systems and applications and that an operational security posture consistent with current security policy is maintained. The Maritime Administration (MARAD) is the agency within the U.S. Department of Transportation (DOT) dealing with waterborne transportation. MARAD has a responsibility for Enterprise and Sector IT systems projects, operations, service management, and cybersecurity, including sector cybersecurity.

Essential Functions

  • Performs a wide range of duties relating to Information Systems Security to ensure the confidentiality, integrity and availability of Information Technology Systems and applications and the information they process, generate, and contain.
  • Provides authoritative guidance and recommendations on IT operations and cyber security to the Information Systems Security Manager (ISSM) and those supporting the Cyber Security Program.
  • Develops short-term maintenance actions and long-range plans to optimize cybersecurity solutions to protect our data and IT infrastructure in a manner that anticipates, identifies, evaluates, mitigates, and minimizes the risks associated with IT network, system, application, and other resource vulnerabilities.
  • IT Security Compliance and Coordination: Ensures Information Systems and Applications comply with applicable statutory, Federal, and Dept of Transportation (DOT) policies, standards, and practices relating to IT security. To accomplish this, coordination with technical staff, management, system owners, and Departmental representatives is required. Additionally, establishes vulnerability reporting criteria, which includes vulnerability remediation requirements, and oversees and monitors a vulnerability identification and remediation program.
  • IT Security Assurance: Initiates, directs, and participates in security reviews, risk assessments, and continuous monitoring activities. Recommends corrective action on identified security exposures and ensures implementation of corrective action as appropriate.
  • Alternate ISSM: Serves as the Alternate Information Systems Security Manager (ISSM) when the ISSM is unavailable and performs ISSM operational tasks as assigned by the ISSM.

  • Security Assessment and Authorization: Develops, implements, oversees, and monitors a program of security assessment and authorization of all critical/non-critical systems/applications and infrastructure. Ensures that information and IT security controls are implemented and assessed in accordance with National Institute of Standards & Technology (NIST) and Dept of Transportation (DOT) Security Assessment and Continuous Monitoring requirements.
  • Security Weakness Management: Oversees a security assessment and continuous monitoring program that complies with NIST and DOT policy and guidance. Ensures that plans of action and milestones (POAMs) are accurately identified, that the development and resolution timeline meets the system owner’s expectations, and that POAMs are entered into the CSAM tool in a timely manner.

Preferred Experience

  • Expert knowledge of cyber-security principles, methods, and tools and ability to manage programs and/or projects, and ability to plan, organize, and direct work.
  • Senior knowledge of available technical solutions that support the IT security program, such as encryption products, anti-virus products, Virtual Private Networks (VPNs) or Secure Remote Access (SRA), and firewalls that can be recommended by the incumbent to strengthen the security posture of IT systems and applications.
  • Senior knowledge of sources of threat information available in the industry, such as SANS, Security Focus, CERT, Federal Computer Incident Reporting Center (FedCIRC), and National Infrastructure Protection Center (NIPC); understanding of technical security architecture standards, such as identification/authentication tools and encryption solutions.
  • Senior ability to interpret federal security guidelines in relation to agency needs and to develop and recommend implementation of specific agency guidelines and standards for IT security.

Please apply through the job posting if you are interested in this opportunity.