Chief Information Security Officer jobs in Tucson, AZ

• Ensure physical and environmental protection measures are coordinated with the appropriate security officials.
• Ensure systems are operated, maintained and disposed of in accordance with security policies and procedures as outlined in the security authorization artifacts.
• Ensure IS security artifacts in Xacta are maintained and updated as needed.
• Ensure all IS security-related documentation is current and accessible to properly authorized individuals.
• Ensure and provide user account management, that all users have the requisite security clearance, authorization, and need-to-know and are provided before being given access.
• Ensure event management audit records and continuous monitoring policies on all authorized systems are adhered to, collected, reviewed, and archived.
• Ensure system security measures comply with multiple regulatory requirements (e.g. NISPOM, DCID, ICD 503, DoD RMF, JSIG), and accurately assess the impact of modifications, changes, and vulnerabilities for each system where needed.
• Coordinate with the ISSM and AO/DAO regarding system changes or modifications to hardware, software, or firmware of a system.
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, and ensure that all security features applied to a system are implemented and functional.
• Conduct periodic reviews of information systems to ensure compliance with the security authorization artifacts.
• Provide cybersecurity tasks training to other team members.
• Provide support and coordinate with other cybersecurity team members to accomplished daily team tasks.
• Provide incident response management of Information Systems through incident response, execution, administrative inquiries, investigations, containment, recovery, and reporting.
• Provide vulnerability management and malware detection through vulnerability scans, antivirus signature scans, and ensuring definitions on all authorized systems are updated.
• Provide information management through trusted file transfers.
• Provide software assurance through trusted acquisition, and functional checks and license management through license verifications.
• Provide asset management through hardware and software inventories and configuration management through use of configuration guides.
• Provide user account management by periodic account verification and documentation on a weekly, monthly, quarterly, and yearly (training, agreements, etc.) schedule.
• Create and maintain all information assurance documentation (e.g. SSPs, Security Profiles, approvals, etc.) for their assigned areas.
• Experience interfacing with internal and external Security personnel, customers, management, and U.S. Government representatives where required (i.e. AOs, DAOs, SCAs, Program Managers, etc.).
• Travel as needed to other business locations to provide necessary cyber security support.
• Knowledge in Windows, Linux, operating systems.
• Handling and managing Communications Security (COMSEC) and classified systems material.
• Formally notify the ISSM and AO/DAO if a system modification may affect its authorization.
• Report all security-related incidents to the ISSM.
• Attend required technical and security training (e.g. OS, networking, security management) that is relative to assigned duties.
• Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly.
• Complete projects and tasks as assigned by the cyber team lead.
• Experience with various Endpoint security, vulnerability, and enumeration tools (e.g. Tenable Nessus, SPLUNK, Newt, Ivanti, Symantec, Purifile, and Document Detective, etc.).
• Experience providing technical security expertise and oversight for complex, cross-domain, heterogeneous classified networked environments in collaboration with government customers, the IT department and other stake holders.
• Experience with various types of special operational equipment.
• Experience in the oversight and execution of the Assessment & Authorization processes (Certification & Accreditation), as defined in JSIG, RMF, and DAAPM.
• Experience with any of the following: DCID 6 3, JSIG, RMF, ICD-503 or equivalent requirements to include technical computer and network system auditing.
• Experience with any of the following: self-inspections, security control assessments, training, log management systems, automated inventory utilities, and auditing.
• Experience with the identification, development, and reporting of IA program performance metrics and oversight of appropriate IA policy, processes and procedures.
• Must be willing to deploy in support of the customer.
• Able to stand for long periods of time and lift up to 50 pounds.

Deployment events will range from one to twelve consecutive weeks at a time, and will be travel to both CONUS and OCONUS locations.

• Active DoD TOP SECRET security clearance with the ability to obtain/maintain a TS/SCI security clearance (US Citizenship required)
• Bachelor’s degree in a technical discipline (STEM – Science, Technology, Engineering or Mathematics) and 2 year’s related experience or equivalent experience, training, and/or certifications.
• Must possess and maintain a security professional certification such as CompTIA Security certification or equivalent, in accordance with DoD 8570.01-M IAT Level II baseline certification.
• Extended experience with Windows and Linux operating systems
• Highly familiar with cybersecurity defensive tactics, techniques, and procedures
• Strong oral and written communications skills
• Team player with a proactive attitude and the ability to be productive in a dynamic/collaborative environment.

• Active DoD TS/SCI security clearance (US Citizenship required)
• Bachelor of Science degree in Cybersecurity with 2 years of related experience
• Experience in systems administration and cybersecurity operations and training
• Experience with the Risk Management Framework (RMF) process
• Experience with the Xacta RMF process automation database platform
• Experience in vulnerability assessment, control allocation, and risk mitigation
• Motivated self-starter with good problem solving skills, judgment, and analytical capability
• Skilled in planning and organization of tasks, procedures, and processes