Senior Information Security Officer (Certified Information Systems Security Professional)

Title:

Senior Information Security Officer (Certified Information Systems Security Professional)

BELONG. CONNECT. GROW. with KBR.

At KBR, we define the future. We are a company of innovators, thinkers, creators, explorers, volunteers, and dreamers. But we all share one goal: to improve the world responsibly and safely.

KBR is seeking a Senior Data Scientist with Bioinformatics experience.

The position will be responsible for determining enterprise information security standards. Develop and implement information security standards and procedures. Provide tactical information security advice and examine the ramifications of new technologies. Ensure that all information systems are functional and secure.

Additional Responsibilities Include Supporting the Following Tasks:

• Deploy, manage, and operate a scalable, highly available, and fault tolerant system in Amazon Web Services.

• Maintain and update the current system architecture and manage infrastructure configuration and deployment.

• Evaluate and implement new AWS or other cloud services as appropriate and directed, based on compute, load balancing, data, or security requirements.

• Manage and configure the AWS networking configuration and AWS Identity and access management for internal and external users.

• Maintain, update, and implement the backup and disaster recovery plan.

• Analyze cloud resource deployment summary data and monitor cloud resource key metrics in order to resolve operational problems and maintain a 99% uptime.

• Support and maintain a development environment with appropriate security monitoring and access controls, for end users to develop, test, and deploy computational pipelines for data submission, quality assurance, and data analysis, from local machines or cloud instances.

• Provide security for the Information maintained in the data base infrastructure. The tasks to be performed include: Compliance with directives from the NIMH ISSO and their team, system security engineering and updates, system and data monitoring and response, risk assessments on the current infrastructure and recommendations for remediating any deficiencies, cloud controls for secure provision of sensitive data.

• Perform third-party risk assessments and provide recommendations for supporting data sharing and system to system federations and for the support of researcher-developed software that makes use of database-hosted data objects; Integrate with external systems as appropriate and directed

• Build a system for internal reporting of events related to system administration and security, to include automated notifications both to contractor staff and to NIH staff.

• Perform forensic analysis of security incidents, document incident forensic reports and update NIMH leadership with findings.

• Follow Federal Government, DHHS and NIH security policies and procedures for software design, development, maintenance and operation. Remediate any software vulnerabilities from Security review or continuous monitoring.

• Maintain and update all NIMH Certification and Accreditation documentation including Annual Assessments, Risk Assessments, System Security Plans, Plan of Action and Milestones, Configuration Management, Disaster Recovery and Contingency Plans.

• Perform security analysis of reported vulnerabilities (from internal monitoring systems or NIMH ISSO monitoring systems), coordinate remediation of vulnerabilities, and verify and validate remediation of vulnerabilities.

• Perform automated patch management, software update, configuration and version control of all NDA systems and applications.

• Ensure all NDA staff with privileged access undergo regular Information Security Training and maintain the appropriate credentials for the depth of their system access.

• Maintain up-to-date external-facing documentation of all standard operating procedures and security policies for NDA users

REQUIRED EDUCATION/EXPERIENCE:

• Education: Must have a Bachelors degree.

• Must have Certified Information Systems Security Professional (CISSP) certification.

• Must have Chief Information Security Officer (CISO) experience.

• Minimum 15 years of experience in a similar position.

PREFERRED EDUCATION/EXPERIENCE:

• Masters degree preferred.

• Experience supporting the DHHS or specifically National Institute of Health (NIH).

KBR BENEFITS

KBR offers a wide range of benefits for their employees; we offer medical, prescription, dental, vision, AD&D, disability benefits, retirement 401k, travel benefits, PTO, holidays, flexible work schedules, parental leave, military leave, education assistance, and the list goes on and on! We also support career advancement through professional training and development.

INCLUSION AND DIVERSITY AT KBR

At KBR, we are passionate about our people, sustainability, and our Zero Harm culture.

These inform all that we do and are at the heart of our commitment to and ongoing journey toward being a more inclusive and diverse company. That commitment is central to our team of teams philosophy and fosters an environment of real collaboration across cultures and locations. Our individual differences and perspectives bring enhanced value to our teams and help us develop solutions for the most challenging problems. We understand that by embracing those differences and working together, we are more innovative, more resilient, and safer.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.