Director IT Security - Silver Spring, MD
Rate: 140-150k
Seeking a Director IT Security to manage and direct all activities
within the Information Security Office and may also be appointed to
hold the role of Information Security Officer (ISO).
Responsible for the development and maintenance of an
enterprise-wide information security program to assure information
assets are adequately protected.
Knowledgeable of Information Security best practices and regulatory
and compliance requirements that impact security for the
enterprise. This includes FISMA, FedRAMP, HIPAA, HITECH, PCI,
HITRUST and 21 CFR Part 11.
The ISM develops policies and standards that direct security
functions relative to information technology systems, networks,
applications, voice and data communications, computing services and
operational processes within the enterprise.
• Works closely with the ITS Director and Senior Leadership to
ensure the security of the firm's and client's systems and data
• Oversee the development and implementation of a company-wide
Information Security training and awareness
• Provides strategic and technical security guidance for all IT
projects, including establishing baseline system standards,
evaluation of the enterprise architecture, hardware, software, and
technical controls and works closely with the IT Operations and
• Ensures the access control, disaster recovery, business
continuity, incident response, and risk management needs of the
organization are properly addressed in conjunction with relevant
functions and third parties.
• Ensures implementation and compliance of federal regulations
including FISMA, FedRAMP, HIPAA and 21 CFR Part 11.
• Manages and performs Certification and Accreditation activities
for projects when required and tracks and reports on all Plans of
Action and Milestones (POA&M) activities.
• Performs ongoing information risk assessments and audits
• Leads an incident response team to contain, investigate, and
prevent future computer security breaches.
• Leads the design, implementation, operation and maintenance of
the Information Assurance and Security Management Systems.
• Bachelor's in a computers- with 8 yrs of relevant IT
Bachelor's degree in a non-computer with 10 years of relevant IT
• At least four years of full-time work experience in an
information security management and/or related function (i.e. IT
audit and IT Risk Management). Information security management
qualifications such as CISSP or CISM.
Hands-on team leadership and management experience.
• A background in technical IT roles such as IT architecture,
development or operations, with a clear and abiding interest in
Demonstrated experience interpreting and implementing controls
meeting the compliance and security NIST special publications,
FISMA, HIPAA, and other guidance regarding systems and data
Must have strong working knowledge of pertinent law and the law
Excellent written and oral communications skills are required.
IT audit, IT Risk Management, CISSP or CISM, IT Security,
Information Security, FISMA,
FedRAMP, HIPAA, HITECH, PCI, HITRUST, disaster recovery
We are an equal employment opportunity employer and will consider
all qualified candidates without regard to disability or protected