Client Services Security Manager - Hybrid Work Arrangement
Posted on: January 17, 2023
Westat is an employee-owned corporation providing research
services to agencies of the U.S. Government, as well as businesses,
foundations, and state and local governments. Westat's research,
technical, and administrative staff of more than 2,000 is located
at our headquarters in Rockville, Maryland, near Washington,
Westat is committed to building a diverse workforce and a culture
of inclusivity, belonging and equity for all. We believe that our
greatest strength draws on the different backgrounds, cultures,
perspectives and experiences of our employees.
Westat is seeking a senior information security manager to lead our
Client Security Services (CSS) team. This leadership role is a
critical member of the chief information security officer's
(CISO's) team and acts as an interface between the CISO's strategic
and process-based activities and the CSS team they will lead. The
CSS Manager must be able to provide direction and mentoring for
staff, interact directly with internal and external clients, manage
resources, meet deadlines, and provide regular status and
service-level reports to management.
The candidate should have experience managing direct reports and
working with Federal Government clients, securing information
systems in accordance with the National Institute of Standards and
Technology (NIST) Risk Management Framework (RMF, i.e. NIST 800-37
and 800-53). Expertise in leading project teams and developing and
managing projects is essential for success in this role. In
addition to supporting the CISO's policies and strategies, the ISM
must be able to prioritize work efforts balancing operational tasks
with longer-term strategic security efforts.
Manage a staff of information security professionals, hire and
train new staff, conduct performance reviews, and provide
leadership and coaching, including technical and personal
development programs for team members.
Work with the CISO to develop budget projections based on short-
and long-term goals and objectives.
Monitor and report on client facing security activities that
include security authorization documentation creation, security
control evidence gathering, risk remediation, and security
Propose changes to existing policies and procedures to ensure
operating efficiency and regulatory compliance.
Assist resource owners and IT staff in understanding and responding
to security audit failures reported by auditors.
Provide security communication, awareness and training for
audiences, which may range from senior leaders to field staff.
Work as a liaison with vendors and the legal and purchasing
departments to establish mutually acceptable contracts and
Manage production issues and incidents, and participate in problem
and change management forums.
Work with various stakeholders to identify information asset owners
to classify data and systems as part of a control framework
Serve as an active and consistent participant in the information
security governance process.
Work with the CISO and IT and business stakeholders to define
metrics and reporting strategies that effectively communicate
successes and progress of the security program.
Provide support and guidance for legal and regulatory compliance
efforts, including audit support.
Manage outsourced vendors that provide information security
functions for compliance with contracted service-level
Formulate recommendations to resolve problems impacting the quality
and effectiveness of security controls in software development
Participate in information security working groups.
Typically requires a Bachelor's degree and a minimum of 7 years of
IT experience, or an equivalent combination of education and
Experience with FISMA and the entire NIST Risk Management Framework
lifecycle is essential.
Demonstrated leadership abilities, with the capability to develop
and guide information security team members and IT operations
personnel, and work with minimal supervision.
Proven project management skills and experience in creating and
managing project plans, including budgeting and resource
At least one IT security certification is required (Security+,
Certified Information Systems Security Professional (CISSP), GIAC
Security Essentials (GSEC), Systems Security Certified Practitioner
(SSCP), Certified Information Security Manager (CISM), and
Certified Information Systems Auditor (CISA)).
Knowledge of information security principles, including risk
assessment and management, threat and vulnerability management,
incident response, and identity and access management.
Excellent communication skills.
Ability to work well under minimal supervision and work in a team
Westat offers a well-rounded and comprehensive benefits program
focused on wellness and work/life balance. Eligible employees may
Employee Stock Ownership Plan
401(k) Retirement Plan
Paid Parental Leave
Employee Assistance Program
Travel Accident Insurance
Short Term Disability Insurance
Long Term Disability Insurance
Life and AD&D Insurance
Critical Illness Insurance
Supplemental Life Insurance
Flexible Spending Account
Health Savings Account
Westat is an Equal Opportunity Employer and does not discriminate
on the basis of race, creed, color, religion, sex, national origin,
age, veteran status, disability, marital status, sexual
orientation, citizenship status, genetic information, gender
identity or expression, or any other protected status under
The anticipated salary range for this role is $120K - $160K and
will be commensurate with experience.