Job opening: Supervisory IT Cybersecurity Specialist (Policy and Planning)
Salary: $110 000 - 125 000 per year
Published at: Apr 04 2024
Employment Type: Full-time
This position is assigned to the Nonappropriated Fund Chief Information Officer N6, NAF System Branch N6Q; Commander, Navy Installation Command, Millington, TN. The incumbent is responsible for evaluating, planning, and directing the execution of system security architecture, information security, cybersecurity operations, contractor support, developing NAF Information Technology policy and procedures in accordance with Navy policy and interacting with Navy cybersecurity operations personnel.
Duties
Duties include but are not limited to:
Provides subject matter expertise to planning efforts with internal and external cyber operations partners
Communicates the value of IT cybersecurity to stakeholders at all levels of the organization
Advises management on risk levels and cybersecurity posture
Advises management on cost/benefit analysis of information cybersecurity programs, policies, processes, systems, and elements
Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities
Supervises or manages protective or corrective measures when a cybersecurity incident or vulnerability is discovered
Leads the development or modification of the cybersecurity program
Defines scope, requirements and deliverables for initiatives assigned
Acquires and manages the necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals and objectives and reduce overall organizational risk
Monitors external data sources to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise
Oversees the development/implementation of IT security plans/procedures
Conducts long-range, strategic planning efforts with internal and external partners
Works with branch head to manage day-to-day IT operations and assists in strategic planning/communications
Recommends resource allocations required to securely operate and maintain an organization's cybersecurity requirements
Acquires and manages the necessary resources, including leadership support, financial resources, and key security personnel, to support cybersecurity plans and organizational objectives
Serves on Service and inter-Service policy boards
Provides advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans
Assists in the development of Echelon II instructions related to NAF IT policy and develops processes to implement such NAF IT policy
Researches cybersecurity policy and industry standards related to IT architecture and cybersecurity
Provides input to the NAF Risk Management Framework process activities and related documentation
Mitigates/corrects security deficiencies identified during system security/certification testing and/or recommends risk acceptance for the appropriate senior leader
Ensures plans of actions and milestones (POAMs) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, and/or inspections
Evaluates, monitors, or ensures compliance with laws, regulations, policies, or standards & procedures
Advocates for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials
Ensures all acquisitions, procurement, and outsourcing efforts address information security requirements consistent with organization goals
Validates the organization against policies, guidelines, procedures, regulations, laws to ensure compliance
Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan
Conducts PCI DSS Compliance reviews, reporting and monitoring tasks
Provides cybersecurity response to financial audits and internal control audits
Participates in Risk Governance process to provide security risks, mitigations, and input on other technical risk
Provides system related input on cybersecurity requirements to be included in statements of work
Reports organizational and system security posture trends
Performs security reviews and exercises to identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
Ensures security improvement actions are evaluated, validated, and implemented
Maintains situational awareness to determine if changes to the operating environment require review of the plan
Provides administrative and/or technical supervision (hiring, discipline, evaluation, and training) for up to nine NAF IT Specialists, NF-2210-04, and one APF IT Specialist, GS-2210-12
Develops section goals and staff responsibilities
Provides assistance/support to section staff in problem determination and correction.
Manages staff who provide information assurance, cybersecurity, governance, and compliance for networks, systems and applications under the oversight of the NAF Systems Branch
Develops and executes staffing plans and contractor requirements
Identifies/Addresses cyber workforce planning and management issues
Forecasts ongoing service demands and ensures security assumptions and staffing are reviewed
Supports Commander, Navy Installations Command's (CNIC) EEO policy; fosters a work environment free of discrimination, harassment, and/or reprisal; and ensures equitable treatment of all staff
Requirements
- Must pass all applicable records and background checks.
- Must successfully pass the E-Verify employment verification check. Any discrepancies must be resolved as a condition of employment.
- Must earn and maintain appropriate foundational and residential qualifications from the DoD Cyber Workforce Qualification Matrix (described in DODM 8140 and https://cyber.mil/wid/cwmp/qualifications-matrices/ ) within nine (9) months.
- Must participate in a continuous learning program as described in DODM 8140. A minimum of 20 hours of Cyber Workforce related continuous professional development annually or what is required to maintain certification, whichever is greater.
- Must have or be able to obtain and maintain a clearance for a Tier 3 (T3R 65) Investigation Noncritical Sensitive National Security Sensitivity designation and Moderate Risk designation.
Qualifications
In order to qualify for this position, resumes must provide sufficient experience, knowledge, skills, and ability to perform the duties of the position. Applicant resumes are the key means for evaluating skills, knowledge, and abilities as they relate to this position; therefore, applicants are encouraged to be clear and specific when describing experience.
A qualified candidate possesses at least one of the following:
A four-year degree from an accredited college or university in one of the following fields: Computer Science, Cybersecurity, Engineering, Management Information Systems, or Mathematics. (Transcripts must be provided)
At least 5 years' specialized experience in NAF IT policy and procedures in accordance with the DON Cybersecurity operations.
A qualified candidate also possesses the following:
Broad, professional knowledge of IT technology specifically relating to cybersecurity risks and security controls/mitigations presented by operating systems, systems software applications, telecommunication networks, hardware components and different kinds of cloud services.
Knowledge of process for developing, scheduling, coordinating, and managing projects, relevant contracts, and resources.
Knowledge of one or more of the following software applications that the CNIC N9 organization supports: enterprise applications (ERP), program support applications (point-of-sale and recreation/activity management systems), commercial global networks, on-premises datacenters, cloud-based environments, and software-as-a-service.
Knowledge of system architecture methodologies, infrastructure design, system integration, contingency planning, and system life cycle management.
Knowledge of Payment Card Industry Data Security Standard (PCI-DSS) and its impact on cybersecurity controls for software applications and data transport mechanisms relevant to the CNIC N9 organization.
Knowledge of DOD and DON Cybersecurity policies.
Skill and ability to analyze system cybersecurity software/hardware alternatives and make recommendations for improvement.
Mastery ability to communicate effectively both orally and in writing to document technical support procedures and train technical staff.
Mastery skill in the NIST risk management framework.
Mastery skill in the security controls and baselines outlined in NIST SP 800-53 and SP 800-53B.
Skill in the use of Microsoft 365 programs (e.g., Teams, Planner, Word, Excel, PowerPoint, Outlook).
Skill in the effective and efficient use of planning and project/task assignment and tracking software.
Skill and ability to consistently develop and sustain cooperative working relationships with team members and within the organization.
Skill and ability to work effectively with customers and outside agencies, providing information or assistance, coordinating project/work task completion, and offering effective solutions.
Mastery skill and ability to make sound, well-informed, and objective decisions. Be open to change and new information to adapt behavior and work methods positively.
Skill to communicate with all levels of management.
Ability to inspire, motivate, and guide others toward goal accomplishments.
Mastery ability to monitor personal and work group performance and make recommendations for improved productivity.
Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
Education
- A four-year degree from an accredited college or university in one of the following fields: Computer Science, Cybersecurity, Engineering, Management Information Systems, or Mathematics. (Transcripts must be provided)
Contacts
- Address: CNIC HQ, 5720 Integrity Drive, Bldg. 457, Millington, TN 38055, US
- Name: CNIC NAF HRO
- Email: [email protected]