
Are you looking for a Supervisory IT Cybersecurity Specialist (Policy and Planning) position? We suggest you consider a direct vacancy at Commander, Navy Installations in Millington. The page displays the terms, salary level, and employer contacts.

Job opening: Supervisory IT Cybersecurity Specialist (Policy and Planning)

Salary: $110 000 - 125 000 per year
Published at: Apr 04 2024
Employment Type: Full-time
This position is assigned to the Nonappropriated Fund Chief Information Officer N6, NAF System Branch N6Q; Commander, Navy Installations Command, Millington, TN. The incumbent is responsible for evaluating, planning, and directing the execution of system security architecture, information security, cybersecurity operations, and contractor support; developing NAF Information Technology policy and procedures in accordance with Navy policy; and interacting with Navy cybersecurity operations personnel.

Duties

Duties include but are not limited to:

  • Provides subject matter expertise to planning efforts with internal and external cyber operations partners
  • Communicates the value of IT cybersecurity throughout all levels of the organization's stakeholders
  • Advises management on risk levels and cybersecurity posture
  • Advises management on cost/benefit analysis of information cybersecurity programs, policies, processes, systems, and elements
  • Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities
  • Supervises or manages protective or corrective measures when a cybersecurity incident or vulnerability is discovered
  • Leads the development or modification of the cybersecurity program
  • Defines scope, requirements and deliverables for initiatives assigned
  • Acquires and manages the necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals and objectives and reduce overall organizational risk
  • Monitors external data sources to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise
  • Oversees the development/implementation of IT security plans/procedures
  • Conducts long-range, strategic planning efforts with internal and external partners
  • Works with branch head to manage day-to-day IT operations and assists in strategic planning/communications
  • Recommends resource allocations required to securely operate and maintain an organization's cybersecurity requirements
  • Acquires and manages the necessary resources, including leadership support, financial resources, and key security personnel, to support cybersecurity plans and organizational objectives
  • Serves on Service and inter-Service policy boards
  • Provides advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans
  • Assists in the development of Echelon II instructions related to NAF IT policy and develops processes to implement such NAF IT policy
  • Researches cybersecurity policy and industry standards related to IT architecture and cybersecurity
  • Provides input to the NAF Risk Management Framework process activities and related documentation
  • Mitigates/corrects security deficiencies identified during system security/certification testing and/or recommends risk acceptance for the appropriate senior leader
  • Ensures plans of actions and milestones (POAMs) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, and/or inspections
  • Evaluates, monitors, or ensures compliance with laws, regulations, policies, or standards & procedures
  • Advocates for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials
  • Ensures all acquisitions, procurement, and outsourcing efforts address information security requirements consistent with organization goals
  • Validates the organization against policies, guidelines, procedures, regulations, and laws to ensure compliance
  • Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan
  • Conducts PCI DSS compliance reviews, reporting and monitoring tasks
  • Provides cybersecurity response to financial audits and internal control audits
  • Participates in Risk Governance process to provide security risks, mitigations, and input on other technical risk
  • Provides system-related input on cybersecurity requirements to be included in statements of work
  • Reports organizational and system security posture trends
  • Performs security reviews and exercises to identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
  • Ensures security improvement actions are evaluated, validated, and implemented
  • Maintains situational awareness to determine if changes to the operating environment require review of the plan
  • Provides administrative and/or technical supervision (hiring, discipline, evaluation, and training) for up to nine NAF IT Specialists, NF-2210-04 and one APF IT Specialist, GS-2210-12
  • Develops section goals and staff responsibilities
  • Provides assistance/support to section staff in problem determination and correction
  • Manages staff who provide information assurance, cybersecurity, governance, and compliance for networks, systems and applications under the oversight of the NAF Systems Branch
  • Develops and executes staffing plans and contractor requirements
  • Identifies/addresses cyber workforce planning and management issues
  • Forecasts ongoing service demands and ensures security assumptions and staffing are reviewed
  • Supports Commander, Navy Installations Command's (CNIC) EEO policy; fosters a work environment free of discrimination, harassment, and/or reprisal; and ensures equitable treatment of all staff

Requirements

  • Must pass all applicable records and background check.
  • Must successfully pass the E-Verify employment verification check. Any discrepancies must be resolved as a condition of employment.
  • Must earn and maintain appropriate foundational and residential qualifications from the DoD Cyber Workforce Qualification Matrix (described in DODM 8140 and https://cyber.mil/wid/cwmp/qualifications-matrices/ ) within nine (9) months.
  • Must participate in a continuous learning program as described in DODM 8140. A minimum of 20 hours of Cyber Workforce related continuous professional development annually or what is required to maintain certification, whichever is greater.
  • Must have or be able to obtain and maintain a clearance for a Tier 3 (T3R 65) Investigation Noncritical Sensitive National Security Sensitivity designation and Moderate Risk designation.

Qualifications

In order to qualify for this position, resumes must provide sufficient experience, knowledge, skills, and ability to perform the duties of the position. Applicant resumes are the key means for evaluating skills, knowledge, and abilities as they relate to this position; therefore, applicants are encouraged to be clear and specific when describing experience.

A qualified candidate possesses at least one of the following:

  • A four-year degree from an accredited college or university in one of the following fields: Computer Science, Cybersecurity, Engineering, Management Information Systems, or Mathematics. (Transcripts must be provided)
  • At least 5 years' specialized experience in NAF IT policy and procedures in accordance with the DON Cybersecurity operations.

A qualified candidate also possesses the following:

  • Broad, professional knowledge of IT technology specifically relating to cybersecurity risks and security controls/mitigations presented by operating systems, systems software applications, telecommunication networks, hardware components and different kinds of cloud services.
  • Knowledge of process for developing, scheduling, coordinating, and managing projects, relevant contracts, and resources.
  • Knowledge of one or more of the following software applications that the CNIC N9 organization supports: enterprise applications (ERP), program support applications (point-of-sale and recreation/activity management systems), commercial global networks, on-premises datacenters, cloud-based environments, and software-as-a-service.
  • Knowledge of system architecture methodologies, infrastructure design, system integration, contingency planning, and system life cycle management.
  • Knowledge of Payment Card Industry Data Security Standard (PCI-DSS) and its impact on cybersecurity controls for software applications and data transport mechanisms relevant to the CNIC N9 organization.
  • Knowledge of DOD and DON Cybersecurity policies.
  • Skill and ability to analyze system cybersecurity software/hardware alternatives and make recommendations for improvement.
  • Mastery ability to communicate effectively both orally and in writing to document technical support procedures and train technical staff.
  • Mastery skill in the NIST risk management framework.
  • Mastery skill in the security controls and baselines outlined in NIST SP 800-53 and SP 800-53B.
  • Skill in the use of Microsoft 365 programs (e.g., Teams, Planner, Word, Excel, PowerPoint, Outlook).
  • Skill in the effective and efficient use of planning and project/task assignment and tracking software.
  • Skill and ability to consistently develop and sustain cooperative working relationships with team members and within the organization.
  • Skill and ability to work effectively with customers and outside agencies, providing information or assistance, coordinating project/work task completion, and offering effective solutions.
  • Mastery skill and ability to make sound, well-informed and objective decisions.
  • Be open to change and new information to adapt behavior and work methods positively.
  • Skill to communicate with all levels of management.
  • Ability to inspire, motivate, and guide others toward goal accomplishments.
  • Mastery ability to monitor personal and work group performance and make recommendations for improved productivity.
  • Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

Education

  • A four-year degree from an accredited college or university in one of the following fields: Computer Science, Cybersecurity, Engineering, Management Information Systems, or Mathematics. (Transcripts must be provided)

Contacts

  • Address: CNIC HQ, 5720 Integrity Drive, Bldg. 457, Millington, TN 38055, US
  • Name: CNIC NAF HRO
  • Email: [email protected]
