Information Security Officer
The Information Security Lead Officer will be the main point of contact focusing on compliance and cyber security initiatives. This role reports directly to the CIO and will be in charge of both the technical and visionary trajectory of their security vertical. This person will work closely with engineering and support teams on both a tactical and strategic level to build and manage IT security & compliance policy, documentation and risk. This person will lead and drive the enterprise information security risk management program in line with IT security policy, best practices and leading industry standards. The ISO will be technically strong and may be hands-on while building our security and compliance group. This person will own network security, vulnerability management, incident response, 3rd party vendor management, and data privacy, and will be the champion for security and data governance across the organization.
- Identify, assess, measure, and monitor information risk by performing and overseeing risk assessments, vulnerability assessments, application security assessments, penetration tests, and 3rd party information security risk assessments.
- Manage and maintain an information compliance program aligned with industry standards that address legal and regulatory compliance considerations in a DFARS, NIST, and CMMC focused environment.
- Hands-on experience implementing, managing and monitoring security services and solutions.
- Work with technology and business teams to develop and document risk assessment plans, including recommendations for risk avoidance, risk mitigation, risk transfer, and risk acceptance
- Enforcement of regularly scheduled compliance activities of all operating units and internal departments for daily, monthly, quarterly, and annual controls
- Performs regular systems security and compliance audits to detect unauthorized activities and maintain security compliance.
- Provides compliance oversight and guidance across areas such as application, infrastructure and physical controls
- Deliver actionable recommendations to critical stakeholders based on data analysis and findings
- Participate in the development or revision of system-specific security safeguards based on NIST and FedRAMP regulations.
- Understand and prioritize information security threats and risks pertinent to the company’s business objectives and compliance requirements.
- Business Continuity Program and Disaster Recovery Program management and documentation
- Maintain an up-to-date understanding of emerging trends in information security threats and risks
- Direct experience with NIST SP 800-171, 800-53, 800-53A, FIPS199.
- Demonstrated experience performing risk management activities developing and maintaining System Security Plans (SSPs), Risk Assessment and Recommendations (RARs), Plan of Action and Milestones (POA&M), and developing Executive-level briefings
- Bachelor’s degree with specialization in IT, MIS or Computer Engineering or equivalent experience.
- 5 years of overall experience in the information technology field
- 3 years of experience specifically related to Information Security, Risk and Compliance management
Loyal Source is an Orlando-based workforce solutions provider dedicated to delivering elite services worldwide. With a focus in government healthcare, technical and support services, engineering, and travel healthcare, Loyal Source provides exceptional custom solutions to both private enterprise and government agencies. Loyal Source is a military-friendly employer and proud partner of the Military Spouse Employment Partnership program.
For more information go to our website www.loyalsource.com and follow us on LinkedIn, Facebook & Twitter for other positions currently open.
Loyal Source does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.