• Manager, Information Security Compliance

    Location US-MD-Silver Spring
    Job ID
    Information Technology/Programming
    Regular Full-Time
  • Overview

    Social & Scientific Systems (SSS) works to improve public health worldwide by providing technical, research, and program management services to government, nonprofit, and commercial clients. The SSS team offers a synergy of expertise in clinical research services, epidemiology and public health studies, health data management and analysis, and health policy analysis. Please join our dedicated staff of employee-owners in an environment that values diversity and supports health, well-being, and professional growth.


    SSS is seeking an Associate Director/Director, Information Security to manage and direct all activities within the Information Security Office and may also be appointed to hold the role of Information Security Officer (ISO). The incumbent is responsible for the development, implementation, and maintenance of enterprise-wide information security programs to assure information assets and data are adequately protected and compliant with applicable regulations. The incumbent must be knowledgeable of Information Security best practices and regulatory compliance requirements that impact security for the enterprise. This includes, but is not limited to, FISMA, FedRAMP, HIPAA, HITECH, PCI, HITRUST and 21 CFR Part 11. This position also develops policies and standards that direct security functions relative to information technology systems, networks, applications, voice and data communications, computing services and operational processes within the enterprise.


    • Works closely with Senior Leadership to ensure the security of the firm's and clients' systems and data. Provides strategic guidance to inform the corporate strategic plans and fundamental business activities within the company with regard to information security. Maintains current knowledge of applicable regulatory and compliance issues related to Information Security.
    • Develops, maintains and oversees an enterprise-wide Information Security Program consistent with applicable regulatory and compliance requirements.
    • Oversees the development and implementation of a company-wide Information Security training and awareness program to assure the organization's workforce is knowledgeable of Information Security policies, practices and relevant guidance appropriate to their role in the organization.
    • Provides strategic and technical security guidance for all IT projects, including establishing baseline system standards, evaluation of the enterprise architecture, hardware, software, and technical controls and works closely with the IT Operations and Architecture staff to ensure systems meet compliance standards and best security practices.
    • Ensures the access control, disaster recovery, business continuity, incident response, and risk management needs of the organization are properly addressed in conjunction with relevant functions and third parties.
    • Ensures implementation and compliance of federal regulations including FISMA, FedRAMP, HIPAA and 21 CFR Part 11.
    • Manages and performs Certification and Accreditation activities for projects when required and tracks and reports on all Plans of Action and Milestones (POA&M) activities.
    • Performs ongoing information risk assessments and audits to ensure information systems and other corporate and group operational processes are adequately protected and meet compliance requirements.
    • Leads an incident response team to contain, investigate, and prevent future computer security breaches.
    • Provides routine operational management and leadership to staff within the Information Assurance and Security Management functions.
    • Leads the design, implementation, operation and maintenance of the Information Assurance and Security Management Systems.


    • Bachelor's degree in a computer-related field with a minimum of eight years of relevant IT experience, or a Bachelor's degree in a non-computer-related field with a minimum of ten years of relevant IT experience.
    • At least four years of full-time work experience in an Information Security Management and/or related function (i.e., IT audit and IT Risk Management). Information security management qualifications such as CISSP or CISM. Hands-on team leadership and management experience.
    • Must have experience in FedRAMP compliance having fully completed either Joint Authorization Board or Agency Authorization to include 3rd Party Assessment vendor selection, management, and completion. 
    • A background in technical IT roles such as IT architecture, development or operations, with a clear and abiding interest in information security.
    • Demonstrated experience implementing an Information Security Management System, including policy development.
    • Demonstrated experience interpreting and implementing controls meeting the compliance and security requirements of NIST special publications, FISMA, HIPAA, and other guidance regarding systems and data security. Must have strong working knowledge of pertinent law and the law enforcement community. Excellent written and oral communication skills are required.
    • Excellent communication skills required in order to interface with all levels of management.

    SSS is committed to fostering a diverse workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
