Election Security Program Manager

Location: Round Rock, Texas
Date Posted: 10-05-2018
Job Summary:
CyberDefenses is the national leader in Cybersecurity for election departments.  Join our team as we work closely with local leaders to dramatically improve the security posture and controls of each county.  If you have a drive to be involved in our national security and protect our democratic process and a strong interest and background in cybersecurity risk assessments and analysis, then we want to talk to you!  
Reporting to the Chief Technical Officer, the Election Security Program Manager provides support for Cybersecurity assessments and services of election departments of counties and states.  This individual will work directly with client counties to help educate and guide. We are looking for a team member that is driven to improve the security profile of our clients. 
This role works out of our Round Rock, TX headquarters and requires approximately 20% travel to client locations. 
Candidates will need to pass a Department of Public Safety background check for our work with the State of Texas. 
Responsibilities Include: 
  • Leads and manages information security programs to develop timely and accurate information security recommendations to internal and external stakeholders.  
  • Manages programs supporting information technology and security governance, risk, and compliance.  
  • Serve as primary point of contact for Services clients, tracking all elements of services delivered and tracking and reporting relevant metrics. 
  • Support development and understanding of the policies, procedures, and processes to manage and monitor the organization's regulatory, legal, risk, environmental, and operational requirements needed to inform the management of cybersecurity risk.  
  • Leads programs and teams to maintain compliance with various Risk Management Frameworks (NIST, CIS, etc.).  
  • Documents and identifies data classification, data retention, information transfer, and asset management requirements and procedures.  
  • Maintains technology risk register.  
  • Leads enterprise-wide program to ensure the organization's personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities. Monitors training program completion to ensure all users are informed and trained.  
  • Advises on standards and best practices to inventory the organization's physical devices and systems, and software platforms and applications.  
  • Bachelor's Degree in Information Security, Cybersecurity, Information Systems, or related.  
  • Must have five (5) years' experience in compliance, risk, program, policy, and training and education development.  
  • Skill in preparing responses to reviews and requests for information concerning information security matters.  
  • Experience reviewing and maintaining an organization's information security plan.  
  • Must be proficient with MS Word and Excel.
  • Candidate must demonstrate excellent writing and communication skills and his or her ability to work with teams and external stakeholders.  
  • Candidate must demonstrate excellent organizational skills and his or her ability to work with internal and external stakeholders.  
  • Knowledge and experience with NIST's Risk Management Framework  
  • CISSP or CISA certification highly desired.  
  • Must be able to travel locally and nationally. 
  • Able to communicate expertly through writing, speaking, and presenting to groups and key client stakeholders 
  • Team player capable of productively contributing to the CyberDefenses mission by supporting fellow teammates and clients in a dynamic growing and changing environment 
  • Knowledgeable of network and security architecture principles, firewall and IDS/IPS fundamentals, endpoint security systems and other security protective/detective systems 
  • Experience with IT system and/or network administration 
  • Knowledgeable of cybersecurity operations and essential security program functions that include event monitoring and SIEM technologies, vulnerability scanning and management, access controls and authentication measures,  
  • Capable of connecting threat analysis to risk management principles to formulate priorities and provide business level risk decision support 
  • Capable of working independently, establishing and managing task completion within deadlines that are responsive to client needs 
  • Knowledgeable of information security frameworks including NIST Cybersecurity Framework, NIST Special Publications (i.e., 800-30, 800-37, 800-53, 800-171), ISO27001/2, as well as regulatory/compliance mandates such as HIPAA, PCI-DSS, GLBA, FFIEC guidelines and others 
  • Possess or have completed testing for an industry-leading certification including CISSP, CISA, CISM, GIAC or other recognized credential 
  • Computer Science or related 4-year degree 
  • 5+ years in the Cybersecurity industry in operator, developer or risk assessment roles 
  • 2+ years in a Program Management role  
Preferred Skills and Qualifications: 
  • Experience conducting risk assessment work or IT auditing of compliance requirements or framework gap analysis 
  • Experience and/or knowledge of Election systems 
  • Experience with penetration testing, application security testing 
  • Experience quickly learning, independently reaching stretch goals, and continually improving knowledge and capabilities 
  • Experience taking on complex and difficult problems, formulating a path forward, and executing steps that demonstrate meaningful progress