Cloud Security and Compliance Manager
Washington, DC

Job Description

Position Description:

SAIC is currently looking for a Cloud Security and Compliance Manager in Washington, DC to support the Vanguard 2.2.1 Program, Information Assurance Service Line.

This position will be instrumental in assisting the IA Directorate in developing the Cloud Common Control program. The Cloud Security and Compliance Manager will work on the capabilities phases of the systems development life cycle and translate technology and environmental conditions (e.g., law and regulation) into system and security designs and processes. Under the Information Assurance Service Line, the Cloud Security and Compliance Manager will support the Department of State (DOS), Bureau of Information Resource Management (IRM), Information Assurance (IA) Directorate.

The Cloud Security and Compliance Manager will be responsible for analyzing data/information from one or multiple sources to conduct preparation of the environment, respond to requests for information, and submit intelligence collection and production requirements in support of planning and operations.

The Cloud Security and Compliance Manager will work with and assist IA stakeholders with documenting new or updating existing plans, processes, procedures, work instructions and other documentation, identifying where processes can be streamlined, and ensuring that the document management process is followed. The Cloud Security and Compliance Manager will report directly to the Vanguard 2.2.1 Service Line Director.

Description of Duties:

The Cloud Security and Compliance Manager is responsible for supporting the process definition and improvement activities under the Cloud Common Control project. The Cloud Security and Compliance Manager is responsible for ensuring the IA Cloud Common Control project is in compliance with the NIST standards, IRM/IA's requirements, and Vanguard 2.2.1 contract requirements.

The Cloud Security and Compliance Manager is responsible for:

* Providing enterprise architecture (EA) expertise to translate an enterprise's strategy into a future enterprise architecture and a transition plan (i.e. roadmap) to achieve that future state.
* Using multi-disciplinary techniques, for example: business process decomposition and redesign, information engineering, organizational redesign, change management, IT strategy and architecture, and performance measurement, to assist in enterprise business transformation and EA implementation.
* Interacting at a variety of points within the enterprise's governance process to assist in implementation of the transition plan, to include organizational strategy development, portfolio and project management, systems development, and operations.
* Designing, developing, and maintaining current and future views and data describing the enterprise architecture.
* Researching and advising on the selection of technologies to include within the enterprise architecture.
* Providing analyses of potential changes to the EA.
* Conducting reviews and analyses of architectures to ensure compliance with DoS policy.
* Providing oversight for the development and maintenance of quality programs, systems, processes and procedures to ensure EA policy compliance or to improve the EA.
* Coordinating and collaborating with subject matter experts and other architects to reflect reengineered business processes into the EA.
* Defining, developing, and providing expertise and guidance on EA processes, policies, roles and responsibilities.
* Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
* Identifying critical infrastructure systems with information communication technology that were designed without system security considerations.
* Leading, coordinating, and facilitating the creation of stakeholder reviews of required documentation necessary to support the Cloud Common Control project.
* Interviewing stakeholders to determine operational requirements and objectives, such as organization functions, inputs and outputs, and step-by-step procedures.
* Recommending, planning and developing a strategy to implement process improvements, including as-is and future to-be states, and monitoring results to verify effectiveness.
* Documenting process definition attributes and work flows, including visual diagrams where appropriate.
* Examining processes holistically to understand the impact of change on people, strategy, systems and general business operations; articulating and presenting process change recommendations to Government and Contractor staff.
* Collecting, collating and analyzing process performance/metric data; providing data analysis and feedback to the IA Service Line Lead and Government Technical Monitor for process improvement initiatives.
* Interfacing with the customer and participating in all Cloud Common Control project meetings.
* Reviewing current system security measures and recommending and implementing enhancements.
* Conducting regular system tests and ensuring continuous monitoring of network security.
* Developing project timelines for ongoing system upgrades.

Qualifications

Required Education/Experience:

* Bachelor's Degree in related discipline and 5+ years of experience working in a technical operations environment supporting mission critical systems. Additional experience in lieu of a degree will be considered.

Required Experience/Skills/Attributes:

* Cloud infrastructure experience (AWS and Azure), with the ability to document control implementation statements in Xacta before an assessment.
* Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
* Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
* Ability to effectively collaborate via virtual teams.
* Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
* Ability to exercise judgment when policies are not well-defined.
* Ability to focus research efforts to meet the customer's decision-making needs.
* Ability to function effectively in a dynamic, fast-paced environment.
* Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts, both internal and external to the organization, to leverage analytical and technical expertise.
* Must be able to provide an independent assessment of how the IA's processes are being implemented relative to the defined processes to optimize the current work.
* Must have demonstrated and proven skills in writing documentation (i.e. standard operating procedures, user guides, and similar products) to clearly disseminate relevant information to an enterprise-wide audience to increase user awareness and provide relevant and different types of materials.
* Extremely strong, proficient and demonstrated oral and written communication skills with experience working effectively with direct customers, senior management, project management team members, and technical staff members regarding communication and system issues.
* Exceptional interpersonal, oral and written communication skills, with ability to work directly with customers, including VIPs.
* Ability to draft and generate original document artifacts.
* Strong organizational skills; ability to manage multiple tasks in a fast-paced environment with competing priorities and quick turnaround deliverables, and exceptional attention to details.
* Ability to work independently and focus on delivery of products and services on time.
* Strong analytical, critical thinking and problem-solving skills.
* Exhibits objectivity and openness to others' views, and gives and welcomes feedback. Demonstrates an adaptive style that is flexible and effective in gaining cooperation of others.

Desired Experience/Skills/Attributes:

* Knowledge of cyber threats and vulnerabilities.
* Knowledge of specific operational impacts of cybersecurity lapses.
* Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
* Knowledge of analytical constructs and their use in assessing the operational environment.
* Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).
* Knowledge of classification and control markings standards, policies and procedures.
* Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
* Knowledge of the intelligence frameworks, processes, and related systems.
* Knowledge of the structure and intent of organization specific plans, guidance and authorizations.
* Knowledge of the ways in which targets or threats use the Internet.
* Knowledge of threat and/or target systems.
* Knowledge of what constitutes a "threat" to a network.
* Knowledge of IT Service Management (ITSM); IT Infrastructure Library (ITIL) certification a strong plus.
* Familiarity/experience with ISO and CMMI a strong plus.
* Competency in Microsoft
