Logo for DataLock Consulting Group

Technical Manager

Role overview

Qualifications

  • 8+ years of experience in security programs (master’s degree substitutes for 5 years)
  • 5+ years of experience in auditing and/or assessment
  • Extensive experience developing and documenting ROEs, SAPs, and SARs
  • Extensive knowledge of the NIST Cybersecurity Framework, RMF, FIPS, and NIST 800-53/800-53A

Responsibilities

  • Assist in developing a Security Control Assessment (SCA) strategy and process flow
  • Integrate SCA with continuous monitoring and CDM
  • Serve as technical manager, assign tasks to the security assessment lead, and develop schedules and resource plans
  • Develop, document and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports (SARs)

About the company

DataLock Consulting Group logo

DataLock Consulting Group

Established in 2013, DataLock Consulting Group is a rapidly growing Cybersecurity consulting firm, providing security solutions to the federal government and the commercial sector. Located in the heart of Northern Virginia, DataLock is a Small Disadvantaged Business (SDB). DataLock exists to help your organization manage Cybersecurity risks while improving your security posture. We understand the complexity of securing today’s interconnected IT networks and data, so you don’t have to.

Company details

Company size11 - 50

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

This is a remote position.

Job Description- Technical Manager

1. POSITION TITLE

Technical Manager


2. REPORTS TO

Managing Partner


3. DELEGATION OF DUTIES DURING ABSENCE

Managing Partner. To be determined prior to time of absence.


4. SUMMARY

The Technical Manager\Lead Security Assessor will conduct security control assessments of the security and privacy controls implemented by an information system to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary. Following the NIST Cybersecurity Framework, Risk Management Framework and using NIST 800-53A, verifies the security status of existing information systems with an Authority to Operate (ATO) by performing appropriate assessments on any new system developed or deployed by the customer, and conducts audits of security controls to ensure continuous monitoring of systems assigned. Assesses systems that have previously been assessed and received an ATO and systems that have not yet been assessed and do not have an ATO.


5. RESPONSIBILITES

· Assist in developing a Security Control Assessment (SCA) strategy for the organization; to include an overall assessment process flow or swim-lane diagram which documents the steps required to conduct assessment activities and interact with all necessary parties.

· Integrate SCA functions with overall continuous monitoring and Continuous Diagnostic and Mitigation (CDM).

· Serve as a technical manager and assigns tasks to the security assessment lead; develop associated schedules and resource plans to complete the assessments.

· Identify and document the appropriate security assessment level of effort and project management information to include tasks, reviews (including compliance reviews), resources, due dates, and milestones for the system being tested

· Develop, document and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports (SARs).

· Work closely with ISSOs (contractors and Government) and the technical team and ensure all appropriate A&A supporting documentation is provided prior to conducting the assessment.

· Review and provide feedback system boundaries, common controls, the security categorization of information systems, applicable security control baseline based on system categorization.

· Conduct Security Assessment Kickoff briefings and SAR briefings.

· Review cyber/system/network security body of evidence and documentation for accuracy and completeness.

· Conduct security controls assessment of applicable security controls and privacy controls; assess implemented security controls and provide assurance that they are operating as intended

· Analyze security control findings for information systems and applications to convey weaknesses

· Document security assessment results accurately; read, understand, and convey vulnerabilities found during the assessments

· Create security assessment results and document recommendations in a SAR for remediations and security control measures

· Perform audits of each system and provide an authorization recommendation based on determination of risk to the customer

· Audits will include unprivileged and privileged scans against each applicable system.

· Audits will include unprivileged and privileged database scans against each applicable database management system (DBMS).

· Perform quality control on the assessment and associated deliverables.

· Conduct Post Assessment Meetings with the customer.

· Provide Plan of Action and Milestones (POA&M) support to ensure mitigations are completed or the teams are working to mitigate all vulnerabilities in a timely fashion and within customer policy timelines.

· Develop and maintain a schedule for conducting reoccurring Continuous Monitoring and ongoing CDM efforts once the initial assessments are complete.

· Perform continuous monitoring to ensure implemented security controls remain functional throughout the lifecycle of the information system.



Requirements

6. MINIMUM EXPERIENCE AND SKILLS

· 8 years of experience in security programs (master’s degree substitutes for 5 years).

· 5 years of experience in auditing and/or assessment.

· Extensive experience with developing and documenting the ROEs, SAPs, and SARs.

· Extensive experience and expert knowledge of the NIST Cybersecurity Framework, Risk Management Framework, FIPS, and other NIST A&A publications.

· Extensive experience utilizing NIST 800-53 and 800-53A.

· Strong experience assessing and providing recommendation on the following: Privacy Impact Assessment, Risk Assessment, System Security Plan, Disaster Recovery / Contingency Plan, and Incident Response Plan.

· Strong knowledge of the Systems Development Life Cycle (SDLC) and its application in the development of technology solutions.

· Expert knowledge and skills to perform and document the assessment

· Significant experience with tools such as Nessus, Web Inspect, Db Protect and Splunk.

· Strong technical background with Windows, Unix, legacy systems, databases, web servers/applications, cloud and virtualization environments.

· Familiar with the cloud environments (services/security) and FedRAMP A&A process.

· Strong project management, time management, and work sequencing skills.

· Effective verbal and written communication skills with ability to effectively communicate with all levels of users and teammates both written and verbally.

· Effective technical writing and documentation processing skills.


7. MINIMUM EDUCATION

· BS/BA degree in Information Technology or related cyber/cyber-security field with 8+ years of experience

· Or Master’s degree with 3+ years of experience

· Or equivalent experience.


8. CERTIFICATIONS

· Must possess an ISC2 Certified Information System Security Professional (CISSP) certification.

· Must possess one of the following certifications:

o CompTIA Advanced Security Practitioner (CASP+ CE)

o GIAC Certified Enterprise Defender (GCED)

o GIAC Certified Incident Handler (GCIH)

o GIAC Security Leadership (GSLC)

o Certified Information Systems Auditor (CISA)

o Certified Information Security Manager (CISM)

o Certified Cloud Security Professional (CCSP)

o CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP)

o CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)

o CISSP-Information Systems Security Management Professional (CISSP-ISSMP)

o CyberSec First Responder (CFR)

o Certified Chief Information Security Officer (CCISO)

o BCR Cyber Technical Proficiency Testing Activity



Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Technical Product Manager Related jobs

Other jobs at DataLock Consulting Group

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.