Cyber Security / SA&A - Falls Church
Washington, DC

Job Description

Job Description

At Lockheed Martin Rotary and Mission Systems, Cyber Solutions, we are driven by innovation and integrity. We invite you to step up to one of today's most daunting yet rewarding challenges as a Lockheed Martin Cyber Security professional.You'll protect the networks that our citizens and the world depend upon each minute: Point of Sales Financial Assets, Critical infrastructure, Transportation, Automation and the uninterrupted flow of materials throughout the world which keeps our modern life moving. Here, you'll work with cybersecurity experts on the forefront of threat prediction, detection and eradication before an adversary could gain a foot hold, using industry leading methodologies and tools. In this fast-paced, real-world environment, you'll draw on all of your education and experience as well as the vast resources of Lockheed Martin Corporation to keep cyber threats at bay.

The Enterprise Information Security Compliance (EISC) Lead sets the overall strategy for the inter-process communication of Postal Service's major information security assurance processes, such as Continuous Monitoring, CISO Compliance, SOX Control Testing, PCI Assessments and Privacy. The EISC Lead analyzes the Postal Service's Functional Business Areas and their related information security tasks, then identifies or creates cross-functional processes for monitoring compliance to information security policies and standards.

The EISC Lead must be an excellent communicator with a mastery of information security principles, capable of finding common themes in diverse ideas, quickly determining feasibility of new concepts, and translating management intent into practical action plans.

Additionally the EISC Lead must have current knowledge of industry best practices, expertise in the CERT RMM Framework, and be knowledgeable in the ISO 27001/2, NIST Frameworks, CIS controls and General Data Protection Regulations (GDPR).

The EISC Lead will work as part of the Deputy CISO portfolio in the Corporate Information Security Office (CISO), reporting to the Cybersecurity Policy, Quality and Compliance Manager.

Key Responsibilities:

o Subject Matter Expert for the Postal Service on the Compliance Process Area of the CERT RMM Framework

o Lead the enterprise-wide scoping of the CISO Compliance Program using the CERT RMM Framework

o Develop the strategy for ensuring enterprise-wide compliance of replacement Information Security Policy

o Serve as a principle advisor for the development of the Replacement Information Security Policy to ensure the its structure is conducive for ensuring enterprise-wide compliance

o Advise VP, CISO on the creation on an Information Security Executive Council

o Coordinate with Postal Business Units to assess their information security tasks and current levels of compliance

o Obtain a firm comprehension of organizational structure, organizational history and operations to effectively engage stakeholders on incorporating new compliance processes

o Design cross functional assurance processes to monitor Business Units' conformance to information security policies and standards

o Organize and facilitate ISO 27001/2 training for Postal Service information security stakeholders

o Incorporate feedback from Sr. Leadership, Stakeholders, and staff to assess and address organizational compliance requirements

o Lead team members in planning and facilitating quarterly compliance assessments against applicable policies, standards and SOPs

o Lead team members in drafting assessment results detailing the organization's level of compliance to applicable policies, standards and SOPs

o Identify areas of non-compliance and inform management of corresponding costs and risk to the organization

o Coordinate all Payment Card Industry (PCI) and Sarbanes and Oxley Act (SOX) requirements for the CISO organization

o Maintains a secure information repository for managing all compliance related artifacts for the organization

Basic Qualifications

* CERT RMM Training and at least one-year experience implementing or operating within a specific RMM process area
* Knowledge of GDPR, CIS controls and the ISO 27001/27002 control framework
* 10+ years' experience in information technology, compliance, data protection/privacy, and/or information security
* Knowledge of Controlled Unclassified Information (CUI) requirements
* Knowledge of risk analysis and business/privacy/data protection impact analysis for information resources
* Knowledge of data privacy and security requirements under NIST, ISO 27001/2, CIS, CSC frameworks and other relevant legislation when appropriate for business
* BS Degree in Information Security, Cybersecurity, Information Assurance, Risk Management, OR equivalent work experience.
* Ability to develop, track, and present metrics and provide analysis for measuring program effectiveness
* Excellent written communication, with experience in technical writing/editing
* Knowledge of documentation, to include, document taxonomies, document management, version control, and artifact/evidence management
* Excellent team leadership skills, to include, interpersonal skills, delegation, time management, training skills, and conflict resolution
* Excellent presentation skills, to include interview skills, briefing, meeting facilitation skills for engaging personal at all levels
* CERTIFICATIONS: (One or more desired) CompTIA Security+ CE, OR; Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC), OR; ISC2 Systems Security Certified Practitioner (SSCP), OR; Cisco Certified Network Associate (CCNA) Security.
* CLEARANCE: Must be able to obtain a Position of Public Trust Designation - US Citizen or Green Card Holder. Willingness to submit to a Tier 5 Single-Scope Background Investigation (SSBI).