Information Systems Security Manager

- Acquire and manage necessary resources including leadership backing, financial means, and key security personnel to support IT security objectives and reduce overall organizational risk. - Obtain required resources, including funding, for an effective enterprise continuity of operations program. - Advise senior management (e.g., Chief Information Officer) on risk levels and the security posture of the organization. - Provide cost/benefit analysis on information security programs, policies, processes, systems, and components to senior management. - Inform relevant senior leadership or Authorizing Official about changes affecting the organizations cybersecurity posture. - Collect and maintain necessary data for cybersecurity reporting. - Convey the importance of IT security throughout all organizational levels and stakeholders. - Collaborate with stakeholders to develop the enterprise continuity of operations program, strategy, and mission assurance. - Ensure that security improvement measures are assessed, validated, and executed as needed. - Coordinate cybersecurity inspections, tests, and reviews for the network environment. - Integrate cybersecurity requirements into continuity planning for systems and organizations. - Acquire or develop protection and detection capabilities consistent with the organizations cybersecurity architecture. - Establish an overall enterprise information security architecture aligned with the security strategy. - Evaluate and approve development initiatives to ensure appropriate security safeguards are implemented. - Assess cost/benefit, economic, and risk analyses in decision-making processes. - Identify alternative information security strategies to meet organizational security goals. - Pinpoint implications of new technologies or upgrades on the IT security program. - Interface with external entities (like public affairs, law enforcement, and Inspector General) to correctly disseminate incident and Computer Network Defense information. - Interpret and approve security requirements in relation to new information technology capabilities. - Analyze patterns of noncompliance to assess their impact on risk levels and the overall efficacy of the cybersecurity program. - Lead the alignment of IT security priorities with the overall security strategy. - Oversee the information security budget, staffing, and contracting processes. - Manage the monitoring of information security data sources for organizational situational awareness. - Publish Computer Network Defense guidance for the enterprise audience. - Conduct threat or target analyses of cyber defense information and generate relevant threat information for the organization. - Evaluate the effectiveness of the enterprises cybersecurity protections to ensure adequate security levels are maintained. - Supervise the information security training and awareness program. - Participate in information security risk assessments during the Security Assessment and Authorization process. - Develop, distribute, and maintain security plans, instructions, guidance, and standard operating procedures for network system operations. - Offer enterprise cybersecurity and supply chain risk management guidance for the Continuity of Operations Plans. - Provide leadership and direction to IT personnel by ensuring cybersecurity training and awareness are provided according to their responsibilities. - Utilize techniques for detecting host and network-based intrusions using intrusion detection technologies. - Integrate information security needs into the acquisition process while ensuring compliance with baseline security controls and robust quality assurance processes. - Identify critical infrastructure systems designed without security considerations in mind.