Job description

Job Summary

We are a fast growing AWS security and compliance services partner with an exciting set of solutions in the security and operations management space. We were ranked #136 in the INC 500 and #26 in the Top 100 Cloud Managed Services Providers and are continuing to aggressively grow our FedRAMP, CMMC, DOD, FISMA and DFARS compliance cloud solutions practice. We provide cloud migration, cloud managed services and managed security services for US Federal and DOD Agencies.

To support our continued growth, we are looking to add an accomplished Sr. Director (Compliance) and Chief Information Security Officer (CISO) with experience in FedRAMP advisory, assessment and strategic consulting services with a focus on compliance frameworks including FedRAMP, FISMA, CMMC, HIPAA, PCI-DSS and SOC2 amongst others. The CISO will report to the Chief Solutions Officer (CSO) and will be the point of contact for information security and is responsible for oversight of compliance and enterprise-wide information security vision, strategy, policy, operations, and risk management functions. This role will be responsible for providing technical leadership and oversight of compliance deliverables, internal security & compliance, and growing the compliance practice. The CISO will also report, escalate, and remediate IT risk and compliance related issues, working in collaboration with various technical teams in the design, maturity, and implementation of audit, risk assessment, and regulatory compliance practices and documentation for FedRAMP and other frameworks.

The ideal candidate would have experience with successfully delivering AWS and cloud-based compliance solutions that cover a complex suite of current and emerging technologies including containers, serverless and hybrid-architectures.

Required Experience, Skills and Technology Qualifications

    • Develop, implement, and monitor strategic, comprehensive, enterprise information security and IT risk management programs.
    • Provide expert advice to senior leadership on effective strategies and technologies to efficiently deliver on FISMA and FedRAMP compliance requirements. Oversees development and maintenance of security authorization package deliverables, risk assessments, configuration management, contingency plans/testing, and continuous monitoring.
    • Drive the implementation and maturation of security controls against US Government and industry security frameworks such as NIST 800-53, NIST 800-171, Center for Internet Security, and Cloud Security Alliance.
    • Report to executive management on the effectiveness of the information security program that includes vulnerability management, incident response, security awareness, phishing assessments, progress of all security-related remedial actions.
    • Plan and oversee all enterprise and cloud penetration testing to assess defense-in depth architecture, network security, and web application security.
    • Provide direct support to business development and corporate procurement activities by reviewing information security terms included in proposals, agreements, and contracts to ensure supportability and suitability.
    • Work with Executive Leadership to define acceptable levels of business risk.
    • Work directly with the functional units to facilitate risk assessment and risk management processes.
    • Conduct security and privacy risk assessments to identify areas of unexpected risk to business and technology operations.
    • Assist with the overall technology planning, providing a future vision of technology and systems.
    • Develop metrics for evaluating the effectiveness and success of the security and privacy frameworks to ensure they meet the needs of all internal and external stakeholders.
    • Lead all privacy and security governance efforts to ensure alignment of the privacy and security program to the needs of the organization as well as legal and regulatory requirements.
    • Build and periodically test incident response programs based on business risk analysis.
    • Nurture and grow compliance team and foster a culture of learning, growth and innovation by understanding and adopting new developments such as OSCAL, AI/ML and automation.
    • Manage profitability, staff utilization and map to projects as well as budget/funding with projects with a compliance and continuous monitoring compliance footprint.

Education and Experience

    • 10 to 15 years of experience in a combination of risk management, information security, and IT roles
    • Minimum of 5 years of experience in a senior leadership role.
    • Successful track record of implementing security and privacy, and governance programs

Knowledge, Skills & Abilities

    • Proven senior leadership skills – the ability to balance team and individual responsibilities; building teams and consensus; ability to influence and get things done through others not directly reporting to you.
    • Deep and demonstrable knowledge of common information security management frameworks, such as NIST SP800-171,FedRAMP, FISMA,SOC 2, and ISO/IEC 27001.
    • Deep knowledge of global privacy and security laws and regulations.
    • Experience with contract and vendor negotiations and vendor management including managed services.

If you are qualified for this position please share your resume to hr@stackarmor.com