• Assess information security risks in line with internal policy and external best practices • Support security of information and IT assets by testing security systems • Implement cyber security technology and provide day-to-day business support • Manage third-party providers to ensure standards adherence • Provide information security training to appropriate teams

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description This position falls under the umbrella of Sawdey's Managed Services Division (MSD). Sawdey MSD is a full-service Managed Service Provider (MSP)/Managed Security Service Provider (MSSP) providing IT and/or cybersecurity services to a variety of different clients (defense/government contractors, municipalities, non-profits, commercial organizations, etc.). The Information Security Manager will plan, design, implement, and maintain client cybersecurity programs that meet all requirements of the CIA triad: Confidentiality, Integrity, and Availability. This position requires someone who works with minimal supervision. It is essential for this team member to deliver outstanding client service, expert problem solving, communicate effectively, and contribute positively to the Team. - Support MSD work/contracts inclusive of risk analysis, project management, strategic planning, incident response, asset management, and overall client management. - Lead and guide clients in developing and maintaining a comprehensive cybersecurity strategy aligned with regulatory standards (e.g., CMMC, NIST 800-171, ISO 270001, etc.). - Create, establish, and maintain extensive information security standards, policies, and procedures. - Support all aspects of Sawdey clients' CMMC efforts to include providing CMMC advisory services and ongoing cybersecurity programmatic maintenance activities. - Generate daily, weekly, and monthly compliance reports and review such reports for anomalies or issues. - Develop implementation plans that meet project goals and security requirements. - Serve on Sawdey MSD clients' Change Approval Boards and Risk Management Boards. - Conduct thorough risk assessments to identify and remediate vulnerabilities, threats, and potential impacts on client operations. - Review security logs to identify risks, security threats, and configuration errors. - Lead clients' security and compliance-related inquiries (e.g., insurance/cybersecurity questionnaires, risk assessments, incident response, CMMC assessments, etc.). - Lead client's Incident Response (IR) activities and provide ongoing IR training. - Leverage Artificial Intelligence (AI) to streamline processes and produce better outcomes for clients. - Serve as respective clients' main or secondary POC and lead teams to complete project tasks as efficiently, securely, and timely, as possible. - Translate cybersecurity jargon into non-technical language to assist executive teams in understanding risks and requirements associated with their cybersecurity. - May assist in hiring, onboarding, and training new IT resources in support of Sawdey MSD. - Work across departments/clients providing IT expertise for defining project requirements, proposals, cybersecurity program documentation, licensing support, etc. - Stay current on new industry specific technologies as it relates to the position. - Communicate and collaborate with clients and colleagues in a professional, respectful, and timely manner. - Meet with current or prospective clients to assist in evaluating potential project work and/or ongoing support services. - Continually evaluate and recommend changes for improvement for client systems. - Provide project status updates and/or overall client status updates to MSD Leadership. - May prepare both internal and client briefs. - Understand and adhere to Cybersecurity Maturity Model Certification (CMMC) requirements and policies. - May serve as a mentor to fellow Sawdey MSD team members. - Participate in an on-call rotation. - Perform other duties, as assigned. Qualifications - Five (5) + years of IT-related experience. - Must have experience and a good understanding of cybersecurity frameworks and regulations, including, but not limited to National Institute of Standards and Technology (NIST) Special Publications (SP), International Organization for Standardization (ISO), and Health Insurance Portability and Accountability Act of 1996 (HIPAA). - Must have experience working with at least some of the following: - Microsoft 365 - Azure IaaS, PaaS, SaaS Services - Microsoft Defender - Windows Server - VMWare - Duo - CrowdStrike - Veeam - Vulnerability Scanning and Management - Configuration Management and Maintenance - IT and Compliance Documentation - Client, Project, and Ticket Management Education Requirements - Bachelor's degree in an IT-related field preferred, but not required. Certificate, License, and Registration Requirements - One or more of the following certifications are desired, but not required: - CMMC Certified Professional (CCP) - Certified Information Systems Manager (CISM) - Certified Information Systems Auditor (CISA) - Certified Information Systems Security Professional (CISSP) - Certified Cloud Security Professional (CCSP) - Microsoft Certified: Cybersecurity Architect Expert - Microsoft 365 Certified: Enterprise Administrator Expert - Microsoft Certified: Azure Administrator - CompTIA Security+ - If the candidate doesn't have the CCP certification, the individual will be required to attend CCP training in the first 3 months and pass the CCP exam within the first 6 months of employment. Other Required Skills & Abilities - Must be able to effectively communicate with customer and fulfill all duties and responsibilities as listed in the contract. - Must be proficient in Microsoft Office suite including, but not limited to: Word, PowerPoint, Excel, and Outlook. - Must be able to communicate and collaborate with corporate employees, clients, and colleagues in a professional, respectful, and timely manner. - Must have daily and accurate time entry accounting for all service and non-service tasks. - Must be able to articulate technical information to non-technical people. - Must be self-motivated and self-directed with the ability to work with minimal direction and oversight. - Must be able to pay very close attention to detail. - Must be able to participate in an on-call rotation. - Must be able to use personal smartphone device on an as-needed basis to perform job-related tasks such as supporting an on-call rotation, accessing Microsoft Teams and Outlook, and enabling/signing into multi-factor authentication (MFA) applications. - Please Note: Incoming and Outgoing calls are made via an assigned extension in Microsoft Teams desktop. There is no requirement to use a personal smartphone device to support phone calls. Security Clearance Requirements - Background Check US Citizenship Requirements - To comply with CMMC requirements, as well as U.S. Government contracts, U.S. citizenship is required.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description Seeking an RMF Sr. Information Security Systems Manager (ISSM) and Subject Matter Expert to support mission critical Office of the Undersecretary of War for Research and Engineering (OUSW (R&E) capabilities within all facets of the RMF. This pioneering domain presents unique challenges, necessitating skilled ISSMs to maintain system security and oversee cyber implementation. - Accountability for upholding security standards across the organization. - Navigating the evolving landscape of defense technology and safeguarding sensitive information crucial to national security. - Possess a firm understanding of statutory guidance including: - 570.01 (Information Assurance Workforce Improvement Program) - DoWI 8500.01 (Cybersecurity) - DoW Directive 8140.03 (Information Systems Security Manager – DoW Cyber Exchange) - NIST 800-37 r2 (Risk Management Framework for Information Systems and Organizations) Successful candidates should be able to: - Expertly implement and manage cybersecurity controls across all system lifecycle phases. - Develop and implement security policies, procedures, and guidelines. - Conduct risk assessments and identify potential vulnerabilities and threats. - Collaborate with stakeholders to plan and implement security measures. - Develop and implement incident response procedures. - Ensure compliance with relevant security standards, regulations, and frameworks. - Maintain accurate and up-to-date security documentation. - Provide regular reports to management on the status of information security. Qualifications - Must have an active Top Secret with SCI eligibility. - Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 10 years of related experience). - At least 10+ years of cybersecurity experience including a senior technical or management role. - Project or Program Management experience a plus. - At least one IAT/IAM or equivalent security certification (e.g., CISSP, CCSP, CISM, CISA, or CASP). - Experience working with OSD leadership or Military component or branch. - Excellent communication/presentation skills briefing senior military and government civilian leadership. - Experienced with writing policies, guides, procedures. - Experience in hands-on with eMASS, Xacta and/or other GRC tools. - Experience with Federal and FedRamp A&A Processes. - Experienced and comfortable advising at the Senior Executive Service (SES) level of customers. Requirements - Utilize expert knowledge and experience regarding risk management strategies in support of a major DoW program. - Collaborate between the Cyber Risk Assessor/Security Control Assessor and the program as well as DoW senior leadership. - Reporting of status and metrics for body of evidence and authorization conditions. - Manage multiple priorities in a high-paced and fast-changing environment. - Perform other duties as assigned or required. Benefits - Full-Time REMOTE. Candidates in the Washington DC Metropolitan area preferred. - Travel requirements will vary with location, expect approximately 10% to 25%. Company Description We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.

• Manage and optimize security tools such as email security, DLP, SIEM, IDS/IPS, EDR, threat intelligence platforms, and other tooling • Design and implement AI-enabled workflows to scale enterprise security and threat operations • Monitor and manage security alerts and incidents, analyze data, and respond to security events • Conduct in-depth analysis of security events and vulnerabilities to identify root causes and recommend corrective actions • Assist in vulnerability assessments and penetration testing activities including remediating security vulnerabilities • Collaborate with other teams to ensure the effective integration of security controls across the organization including IT infrastructure and applications • Develop, implement, and enforce security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of systems and data • Support operational activities including security reviews, vendor security, issue remediation, security awareness and training, and other processes • Support audit and compliance activities for various security domains