• Análisis de cumplimiento de ISO/SAE 21434 y UNECE R155 . • Colaborarás en el diseño de planes de implementación de medidas de ciberseguridad. • Participarás en el ciclo de vida de productos como ECUs, BMS, Power Electronics , aplicando principios de “cybersecure by design” . • Identificar y mitigar amenazas en buses de comunicación, gateways, actualizaciones OTA, etc.

• Multi-Cloud Governance (AWS & GCP): Deploy and manage Cloud Security Posture Management (CSPM) tools to automatically detect and remediate misconfigurations across both providers. • Container Security Lifecycle: Implement Cloud Native Application Protection Platform (CNAPP) strategies by shifting left and integrating container image scanning directly into Jenkins and GitLab pipelines. • Workload Protection: Deploy and tune Cloud Workload Protection Platform (CWPP) tools to monitor runtime behavior and detect anomalies in both VMs and Kubernetes pods. • Advanced Automation & SOAR: Build Automated Response Playbooks to automatically enrich alerts, isolate compromised resources, and dismiss low-fidelity noise without human intervention. • Infrastructure Review & Identity: Manage effective permissions across complex multi-cloud IAM structures and standardize secret management workflows. • Release Readiness & Customer Trust: Collaborate closely with Technical Program Managers (TPMs) during software releases to enforce compliance standards and oversee vulnerability scanning. Additionally, respond to customer inquiries regarding the impact of Common Vulnerabilities and Exposures (CVEs) on our product.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description Seeking an RMF Sr. Information Security Systems Manager (ISSM) and Subject Matter Expert to support mission critical Office of the Undersecretary of War for Research and Engineering (OUSW (R&E) capabilities within all facets of the RMF. This pioneering domain presents unique challenges, necessitating skilled ISSMs to maintain system security and oversee cyber implementation. The role demands accountability for upholding security standards across the organization, navigating the evolving landscape of defense technology and safeguarding sensitive information crucial to national security. To be successful in this position the candidate must possess a firm understanding of statutory guidance such as: - 570.01 (Information Assurance Workforce Improvement Program) - DoWI 8500.01 (Cybersecurity) - DoW Directive 8140.03 (Information Systems Security Manager – DoW Cyber Exchange) - NIST 800-37 r2 (Risk Management Framework for Information Systems and Organizations) Successful candidates should be able to: - Expertly Implement and Manage Cybersecurity Controls - Develop and implement security policies, procedures, and guidelines - Conduct risk assessments and identify potential vulnerabilities and threats - Collaborate with stakeholders to plan and implement security measures - Develop and implement incident response procedures - Ensure compliance with relevant security standards, regulations, and frameworks - Maintain accurate and up-to-date security documentation - Provide regular reports to management on the status of information security Qualifications - Must have an active Top Secret with SCI eligibility - Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience) - At least 10+ years of cybersecurity experience including a senior technical or management role - Project or Program Management experience a plus - At least one IAT/IAM or equivalent security certifications (e.g., CISSP, CCSP, CISM, CISA, or CASP) - Experience working with OSD leadership or Military component or branch - Excellent communication/presentation skills briefing senior military and government civilian leadership - Experienced with writing policies, guides, procedures - Experience in hands on with eMASS, Xacta and/or other GRC tools - Experience with Federal and FedRamp A&A Processes - Experienced and comfortable advising at the Senior Executive Service (SES) level of customers Requirements - Utilize expert knowledge and experience regarding risk management strategies in support of a major DoW program - Collaborate between the Cyber Risk Assessor/Security Control Assessor and the program as well as DoW senior leadership - Reporting of status and metrics for body of evidence and authorization conditions - Manage multiple priorities in a high-paced and fast-changing environment - Perform other duties as assigned or required Benefits - Full-Time REMOTE position - Candidates in the Washington DC Metropolitan area preferred - Travel requirements will vary with location, expect approximately 10% to 25% Company Description We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.

• Manage and maintain the company's technology infrastructure, including cloud services, networking, and internal application stack. • Develop and execute the long-term IT roadmap to support Zócalo Health’s rapid growth and scalability. • Oversee the IT operational budget, ensuring cost-effective technology investments and asset management. • Lead the IT Helpdesk function, establishing service level agreements (SLAs) for excellent and timely end-user support and issue resolution. • Manage the procurement, deployment, inventory, and lifecycle management of all company hardware, software, and SaaS assets. • Ensure effective training and support for employees on all internal systems and productivity tools. • Establish and regularly test a robust business continuity and disaster recovery plan for critical IT systems. • Own and lead the HITRUST certification program, including control implementation, documentation, and audit readiness • Establish and enforce security policies, standards, and procedures • Own system access provisioning and de-provisioning across all platforms • Oversee MDM, endpoint security, and identity management • Lead vendor security reviews and ongoing risk assessments • Coordinate incident response and remediation efforts • Partner with Engineering, Product, Compliance, and Operations on security and IT initiatives • Manage outsourced IT and security vendors as appropriate • Build scalable IT and security governance that supports growth beyond 250 employees