Back
Position

Senior Information Technology Security Officer

Company
Company
OKSI
Place
Los Angeles, CA
Apply
Added: April 20, 2024

Description: Senior Information Technology Security Officer is a pivotal leadership role within our cybersecurity framework, entrusted with the responsibility of safeguarding our company's digital assets, infrastructure, and information systems against cyber threats. This role is not only about safeguarding our digital assets but also about crafting and executing a comprehensive plan to achieve CMMC certification. The individual will spearhead the development of cybersecurity frameworks and controls that support our software developers and mechanical engineers, enabling them to excel without compromising on compliance and security standards.


Key Responsibilities:

  • Lead the organization's journey to CMMC certification, ensuring compliance with DFARS 7012.
  • Direct the assessment and gap analysis of current practices against CMMC standards, identifying areas for improvement and leading the charge to address them.
  • Lead cross-departmental collaborations to understand the unique operational needs of software development and mechanical engineering teams, integrating these requirements into the security frameworks to foster an environment of innovation while maintaining compliance.
  • Develop, enhance, and enforce IT security policies and procedures that meet compliance standards.
  • Regularly update and patch network infrastructure (Fortinet Stack).
  • Directly administer firewall rules and VLAN management.
  • Ensure the security, integrity, and availability of mission-critical systems through regular updates, patches, and vulnerability assessments.
  • Identify and rectify deficiencies and improve current IT functions, technologies, and processes.
  • Administer Microsoft 365 and AzureAD, ensuring secure and efficient operations.
  • Oversee inventory management and Endpoint Management Solutions (EMS) via Microsoft Intune.
  • Pioneer the development of compliant Ubuntu Linux baselines to adhere to NIST 800-171 controls.
  • Conduct gap assessment an improve Windows baseline to adhere to NIST 800-171 controls.
  • Oversee the IT team, providing guidance and hands-on support when necessary.
  • Provide end user support.
  • Conduct continuous monitoring by integrating our existing SIEM solution and create effective dashboards and automated alerts.
  • Manage relationships with third-party cloud providers and vendors, ensuring secure collaborations.
  • Champion the adoption and administration of secure password management systems and cultivate a cybersecurity-aware culture through regular training and educational initiatives.
  • Act as the Information System Security Manager (ISSM) for environments governed by NIST 800-53.


Minimum Requirements:


  • A minimum of 5 years of experience in IT security.
  • Proficiency in Microsoft 365 administration.
  • Expertise in Intune endpoint management.
  • Azure AD administration skills.
  • Experience with Docker technology.
  • Proficiency in administering Windows 11.
  • Proficiency in administering Ubuntu Linux.
  • Experience with Fortinet network solutions.
  • Familiarity with Gitlab administration.
  • Understanding of CMMC requirements and NIST 800-171 framework.
  • Understanding of NIST 800-53 framework.
  • Competency in policy writing, particularly with NIST 800-171 (CMMC) compliance.
  • Ability to occasionally work nights and weekends to support mission needs.
  • Ability to obtain or currently hold a DoD Security clearance.


Desired Education:


  • DoD 8570.01 certifications with a minimum of IAT Level II, CompTIA Security+ preferred.
  • IAT Level III (ISC)2 CISSP is highly desirable.


  • The ideal candidate for this role will be a dynamic and proactive leader, committed to maintaining the highest standards of cybersecurity and compliance. They will possess a strategic mindset to navigate the challenges of maintaining a compliant infrastructure in a dynamic development ecosystem, ensuring that security enhancements are seamlessly integrated without impeding developers' productivity.
Apply
Search