Gilbane Building Company - Columbus, OH

posted 3 months ago

Full-time - Mid Level
Columbus, OH
Construction of Buildings

About the position

The Information Systems Security Lead at Gilbane Building Company is responsible for creating and maintaining comprehensive information security policies and procedures that comply with U.S. Federal Government industrial security programs. This role involves assessing and ensuring the implementation of new information security technologies within designated environments, establishing training programs for information security, and monitoring compliance with established security frameworks as mandated by contracts, laws, regulations, or statutes. The position is critical in supporting the organization's cybersecurity posture and ensuring that all security measures align with the company's commitments in the Defense Industrial Base.

In this role, the Information Systems Security Lead will acquire and manage necessary resources, including leadership support and key security personnel, to achieve IT security goals and reduce organizational risk. The lead will advise senior leadership on changes affecting the cybersecurity posture and will be responsible for collecting and maintaining data required for system cybersecurity reporting. The position also entails ensuring that security improvement actions are evaluated and implemented, coordinating cybersecurity inspections and tests, and identifying alternative security strategies to meet organizational objectives. The lead will oversee the information security training and awareness program, participate in risk assessments, and contribute to the development of cybersecurity program plans.

Additionally, the role includes preparing and maintaining plans and standard operating procedures related to network system security operations, providing input on cybersecurity requirements for procurement documents, and managing responses to security incidents. The Information Systems Security Lead will also track audit findings and ensure that appropriate mitigation actions are taken, supporting compliance activities and ensuring that security requirements are effectively implemented and maintained.

Responsibilities

  • Acquire and manage necessary resources to support IT security goals and reduce organizational risk.
  • Advise senior leadership on changes affecting the organization's cybersecurity posture.
  • Collect and maintain data needed for system cybersecurity reporting.
  • Ensure security improvement actions are evaluated, validated, and implemented as required.
  • Coordinate cybersecurity inspections, tests, and reviews for the network environment.
  • Identify alternative information security strategies to address organizational security objectives.
  • Manage monitoring of information security data sources to maintain organizational situational awareness.
  • Oversee the information security training and awareness program.
  • Participate in information security risk assessments as required by the CMMC program.
  • Develop or modify computer environment cybersecurity program plans and requirements.
  • Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures for network system security operations.
  • Provide system-related input on cybersecurity requirements for procurement documents.
  • Recognize and report possible security violations as required.
  • Recommend resource allocations for secure operation and maintenance of cybersecurity requirements.
  • Supervise or manage protective measures when cybersecurity incidents or vulnerabilities are discovered.
  • Track audit findings and ensure appropriate mitigation actions are taken.
  • Ensure plans of actions and milestones for vulnerabilities identified during assessments are in place.
  • Assure successful implementation of security requirements and IT policies consistent with organizational goals.
  • Support compliance activities to ensure system security configuration guidelines are followed.

Requirements

  • Bachelor's degree in computer science, information technology, cybersecurity, or related field.
  • 6-10 years of relevant experience in information security or related fields.
  • CISM, CISSP, or EC-Council equivalent or cybersecurity-related certifications desired.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of cybersecurity principles for managing risks related to information processing and transmission.
  • Knowledge of incident response and handling methodologies.
  • Knowledge of current industry methods for IT security assessment, monitoring, detection, and remediation.
  • Knowledge of risk management processes for assessing and mitigating risk.
  • Knowledge of server administration and systems engineering theories and concepts.
  • Knowledge of system software and organizational design standards.
  • Knowledge of system life cycle management principles, including software security and usability.
  • Knowledge of the organization's enterprise IT goals and objectives.
  • Knowledge of network attacks and their relationship to threats and vulnerabilities.
  • Skill in creating policies that reflect system security objectives.
  • Skill in determining how a security system should work and its resilience capabilities.
  • Knowledge of information security program management and project management principles.
  • Knowledge of the organization's risk tolerance and risk management approach.
  • Knowledge of enterprise incident response program roles and responsibilities.
  • Knowledge of current and emerging threats and threat vectors.
  • Knowledge of PII data security standards and applicable laws related to cybersecurity.

Nice-to-haves

  • Experience with cloud computing service models (SaaS, IaaS, PaaS).
  • Familiarity with NIST Special Publications concerning Information Security and Cybersecurity.

Benefits

  • Competitive health and welfare benefits.
  • Generous profit-sharing/401k plan.
  • Investment in employee education through Gilbane University.