Senior Officer, Security Engineer And Program Operations

Pew Charitible Trusts Washington , DC 20319

Posted 1 week ago

Overview

The Pew Charitable Trusts is driven by the power of knowledge to solve today's most challenging problems. Pew applies a rigorous, analytical approach to improve public policy, inform the public and invigorate civic life.

We are an independent nonprofit organization the sole beneficiary of seven individual trusts established between 1948 and 1979 by two sons and two daughters of Sun Oil Company founder Joseph N. Pew and his wife, Mary Anderson Pew.

Our work lays the foundation for effective policy solutions by informing and engaging citizens, linking diverse interests to pursue common cause and insisting on tangible results. Our projects encourage efficient, responsive governments at the local, state, national and international levels serving the best interests of the people. We partner with a diverse range of donors, public and private organizations and concerned citizens who share our interest in fact-based solutions and goal-driven investments to improve society.

With offices in Philadelphia, Washington DC, Australia, Brussels and London, and with additional staff in other regions of the United States and around the globe, Pew provides an exciting learning environment and the opportunity to work with highly talented individuals. We are a dynamic, rapidly evolving organization that values creativity and innovative thinking and fosters strong teamwork with mutual respect.

Overview of Information Technology

Information Technology (IT) at Pew takes a proactive approach toward the use of technology to increase the organization's capacity for exceptionally high-quality strategic philanthropy. Executive staff at Pew recognizes the importance of technology, and supports related initiatives to advance the institution's goals and achieve and maintain a leadership position in the philanthropic community. As a result, IT is in a mode of continuous improvement, applying leading-edge technology to the pursuit of the goals of the institution.

The department comprises highly competent, forward-thinking professionals who are responsible for the technology needs of all Pew staff, as well as for Pew's subsidiaries in Philadelphia and Washington, D.C. IT is organized into distinct areas of responsibility, including strategic alignment of technology with the business, the evaluation and acquisition of software and hardware, implementation of new systems and data repositories, and supporting the extended network, desktop computer hardware, and software applications.

Position Overview

The Senior Officer is part of a team of security professionals and is responsible for engineering and operating Pew's global technology security program. This position provides hands-on technical solutions and operation of a variety of information security systems. The position requires deep knowledge of security frameworks, standards, networking, virtualization, computing infrastructure, cloud computing, and telecommunications. The position also requires a nuanced understanding of how security and technology can support the work of the institution and which technologies best serve Pew. Additionally, this position is charged with performing the duties necessary to ensure the safety of Pew's information, networks, systems and other technology assets. Finally, this position is charged with developing Pew's security policies, overseeing the Pew's security awareness training program and evaluating Pew's alignment with various security frameworks.

The Senior Officer has no direct management responsibility, but is expected to contribute to the mentoring and professional development of staff within IT. The Senior Officer participates in complex projects that span multiple facets of information technology and include stakeholders across divisions. The Senior Officer reports to the Director, Infrastructure Operations and Security.

Responsibilities

  • Collaborate with the Director of Infrastructure Operations and Security, the security team and the Chief Technology Officer to design and execute security projects that address identified risks.

  • Monitor and analyze a range of systems to identify security issues for remediation including log analysis, intrusion detection, and other security intelligence systems.

  • In conjunction with other members of the security team and Pew's security providers, assist in security operations including incident management, incident analysis, escalation and resolution.

  • Develop and sustain Pew's information security program, policies, and standards in conjunction with the Director and CTO.

  • Maintain the IT security incident response process, including all required supporting materials.

  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

  • Define and execute a strategy to provide continuous monitoring, triage, and tracking of security events, and other operational IT issues.

  • Provide input on metrics and reporting strategies that effectively communicate successes and progress of the security program.

  • Participate in periodic reviews of technology related audits and compliance checks.

  • Assists in the development of annual budget estimates to ensure the information security program is ready to meet Pew's strategic needs.

  • Recommend and plan the implementation of new or updated information security solutions, and analyze its impact on the existing environment; provide technical expertise for the administration of security tools.

  • Develop and foster strong working relationships with others within IT.

  • Contribute to and participate in tasks of the Information Technology department as assigned. Participate in Pew-wide projects as requested.

Requirements

  • Bachelor's degree required, Master's degree preferred.

  • Minimum of ten years of IT experience, with eight years in an information security role demonstrating increasing levels of responsibility and technical expertise in an enterprise environment.

  • One or more security certifications such as SANS/GIAC, CISSP, CISA, CISM along with demonstrable, relevant professional experience.

  • Extensive experience of TCP/IP and the OSI model as well as cryptography algorithms, log aggregation, vulnerability assessments, and penetration testing tools.

  • Knowledge of network infrastructure, including switching and routing, firewalls, and all associated protocols and technologies.

  • Knowledge of computing infrastructure including servers, storage, virtualization, Windows infrastructure, DNS, and DHCP.

  • Demonstrable experience in operating and supporting network security controls (e.g., next-gen firewalls, web proxies, APT detection and IDS/IPS), end-point security controls (e.g., full-disk encryption, enterprise anti-virus, DLP), access controls (e.g., privileged access management, multi-factor authentication), and SIEM technologies.

  • Strong analytical skills to analyze security requirements and relate them to appropriate security technologies and controls.

  • A strong understanding of the business impact of security tools, technologies and policies.

  • Knowledge of IT end-to-end problem management and root cause analysis.

  • Working knowledge of Information Security frameworks and standards such as SANS/CIS Critical Security Controls, NIST 800-53 and ISO 27001/27002 with practiced program alignment and integration.

  • Excellent verbal and written communication skills.

  • Ability to understand organizational structure and culture and how these impact the delivery of technology to staff; ability to navigate complex organizational dynamics and exert influence in business relationships.

Compensation

As this is a full-time position, we offer a competitive salary and benefit program, including: comprehensive, affordable health care through medical, dental and vision coverage; financial security with life and disability insurance; opportunities to save using health savings and flexible spending accounts; retirement benefits to help prepare for the future; and work/life benefits to help you maintain a good balance.

The Pew Charitable Trusts is an equal opportunity employer, committed to a diverse and inclusive workplace. Pew considers qualified applicants for employment without regard to age, sex, ethnicity, religion, disability, marital status, sexual orientation or gender identity, military/veteran status, or any other basis prohibited by applicable law.

Travel

Occasional travel between Pew's offices as required. Additional travel required to attend trainings, seminars or conferences.


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Systems Security Officer (Isso) Task Lead

Solutions By Design II, LLC

Posted Yesterday

VIEW JOBS 12/15/2018 12:00:00 AM 2019-03-15T00:00 SBD is seeking an energetic and motivated <strong>Information Systems Security Officer (ISSO) Task Lead</strong> for a federal client.  The ISSO Task Lead shall effectively and efficiently plan, organize and manage all aspects of the ISSO activities as part of a large-scale information assurance and cyber security project.  The ISSO Lead leads a small group of skilled ISSO’s supporting 100+ systems. The ISSO Lead works hand-in-hand with the SBD Program Manager and the government ISSO lead to provide quality and timely solutions for ISSO support while delivering innovation and improvements to current processes and technologies to improve the overall security posture of the department.  The ISSO Task Lead should be experienced with CDM, NIST, FISMA, and compliance.<br /> <br /> In this position, the Task Lead will: <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Organize, direct, and coordinate planning and execution of all ISSO support activities</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Oversee day-to-day management of 5+ person team, including subcontractor personnel</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Identify, manage, and mitigate risks as appropriate to ensure project success.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Ensure effective working relationships and communications at all appropriate levels.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Support continuous improvement activities.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Main point of contact for Government ISSO lead.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Maintain relationship with Government ISSO lead.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Ensure ISSO team meets required contract requirements and deliverables.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Provide weekly, monthly reports to SBD Program Manager and customer as required.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Develop/track ISSO support activities schedules.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Manage project management plan updates for ISSO support activities.</li> </ul> <br />  <br /> The ISSO Lead is dedicated to performing the risk management services for several security boundaries to include FedRAMP cloud hosted applications and offers services in the following areas.<br /> Technical responsibilities include: <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Incident response, as needed</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Coordinate Incident Response with the agency System Owners (SO) to include all associated actions necessary to mitigate the risk to unit systems</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Prepare and coordinate Incident Responses with the agency ISSM to include all associated actions necessary to mitigate the risk to unit systems.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Computer investigations and forensics</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">POA&M Review/Processing</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">On a quarterly basis, update POA&M information in centralized authoritative source</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Assist in and/or prepare Weakness Completion Verification Forms</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Security architecture and engineering support</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Develop, prepare and/or update SOP's as identified or as necessary</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">SOP's are updated at a minimum annually</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Consolidate all ISSO Activity Status Reports. Report requirements and format shall be established by the designated Government Task Lead after award</li> </ul> <br /> <br /> <strong>Requirements: </strong> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Bachelor’s Degree in CS, IT, or Engineering</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">10+ years experience in IT field; 5+ years consulting experience</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">5+ years experience with NIST and FISMA</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">3+ years experience managing staff</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Must have 3+ years experience supporting Federal customers </li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Must have 3+ years demonstrated success serving in ISSO support roles.</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Must have <strong>CISSP certification</strong></li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Must be highly organized and have solid interpersonal skills</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Strong communication skills, listening and writing skills</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Energy, integrity and strong work ethics</li> </ul> <strong>Desired: </strong> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Cloud security experience</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">CDM security experience</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">CCSP, CIPP, CAP, CASP/GSLC/CISM/CSM or other industry standard security certifications</li> </ul> Solutions By Design II, LLC Washington DC

Senior Officer, Security Engineer And Program Operations

Pew Charitible Trusts