Leidos Corporate Information Systems Group has an immediate opening for a Business Information Security Officer (BISO) to support our US operations. In this role you will help the Leidos CIS Groups in the US ensure the continued accreditation of their operational networks and the security of business operations. Additionally, you will work with other Groups to improve their information security postures by ensuring the consistent application of Leidos policy and procedures. This role requires a keen understanding of Group key assets and processes, unique business requirements, and the Leidos information security program, combining this information to address residual risk by recommending security enhancements within the area of responsibility. The BISO role is a critical partner for the Operating Groups and will represent CIS in daily operations as well as with senior customers and partners as required.
- Provide senior leadership to Leidos Groups for the implementation of Leidos Information Security policy, procedures, and standards throughout their business.
- Direct the risk assessment and security engineering completeness of any exceptions to standard baselines or Leidos policy, either directly or via regional BISOs.
- Perform first-line approval of security requests from Business Group Programs and personnel.
- Proactively identify information security deficiencies or opportunities for improvement to better enable business security at the global level. Lead the development of pragmatic solutions across Corporate Information Security.
- Provide communication or escalation path for information security issues identified by Corporate Information Security or the Groups themselves.
- Provide regular, timely reporting on the information security status across the supported business groups.
- Support acquisition due diligence for information security risks and support control design for integration.
- Participate in Group reporting requirements, monthly/quarterly status meetings and offsites as appropriate.
- Assist Groups in managing and preventing cyber incidents and providing incident coordination as required.
- Provide subject matter expertise on various cyber threats to Group leadership.
- Represent the Global BISO at meetings and act on their behalf as requested.
- Authority to direct the implementation of Leidos Information Security policy, procedures and standards within the Leidos operating groups and supporting organizations.
- Authority to direct resources to respond to information security incidents or critical deficiencies to ensure secure operations of Leidos information systems.
- Final authority for all decisions related to low risk variances to information security standard baselines. Authority to recommend decisions on all moderate and high risk variations to the Global BISO, Sr Dir Enablement and CISO.
- Accountable to Global BISO for the efficient and effective execution of position responsibilities.
- Accountable to CISO, Global BISO and CIO to meet all performance objectives.
- Accountable to Leidos business units for ensuring ongoing accredited operations of all network segments under responsibility area.
- Accountable to peer employees to ensure all job resource requirements are met and appropriate performance feedback is delivered in a timely manner.
- Bachelor's degree in Information Systems, Cybersecurity, or a related field and a minimum of 12 years of relevant experience. Additional years of relevant experience will be considered in lieu of a degree.
- Senior-level experience in the design and implementation of information security programs for organizations with annual turnover >$10B USD.
- Must have a minimum of 6 years of experience in cybersecurity. This includes security policy development, metrics capture and analysis, and system authorization.
- Excellent communication skills and the ability to effectively engage with everyone from Senior Executives through individual technical staff.
- Self-motivated and willing to take on challenges while adapting to an ever-changing operational environment.
- Good understanding of security best practices including NIST Risk Management Framework, NIST 800-171 controls, ISO27000 and PCI DSS. Previous experience working with one of these frameworks.
- Expert level understanding of key network and technical security controls. This includes application of the Cyber Kill Chain in enterprise environments.
- Experience participating in security incident response and coordinating activities.
- Ability to demonstrate security experience via certifications or significant career accomplishments.
- Demonstrated ability to apply organizational information security policies at an operating group level.
- Ability to obtain a DOD Secret clearance or equivalent.
- Demonstrated experience with NIST/DFARS or ISO 27001 related activities to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements.
- Demonstrated experience working with cross-departmental teams to design, develop, and implement NIST/DFARS 800-171 compliant solutions that meet current and future business requirements and enhance and optimize the existing security architecture.
- Knowledge and experience working within the Intelligence or Defense markets will be considered a significant advantage.
- Certification pertaining to information security and data privacy protection (CISSP, CISA, CRISC, CIPP/IT, CIPP/E).
- A DOD Secret clearance or equivalent.