Cybersecurity Manager: Cloud, AI & DoD RMF Lead

Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities

The cybersecurity manager will have responsibility for integrating cybersecurity protections into the systems’ lifecycle, to include system design, operation, testing, maintenance, and monitoring. This role will be directly responsible for safeguarding Controlled Unclassified Information (CUI) which includes FOUO, Personally Identifiable Information (PII), and Protected Health Information (PHI) generated and/or provided under this contract.

The cybersecurity manager is responsible for supporting the data science team as they develop, analyze, and prepare data; training, testing, and deploying models.

The cybersecurity manager will direct, coordinate testing/regression testing to resolve hardware/software issues resulting from baseline changes and system security scans (i.e., ACAS, Fortify, Checkmarx). The cybersecurity manager will provide risk management framework (RMF) documentation to assist in establishing and maintaining an Authorization to Operate (ATO).

This role is highly collaborative, and candidates must have excellent communication and teamwork skills. The role, and associated team, is client facing.

Required Technical and Professional Expertise

• At least 5 years providing security compliance support for the migration of applications from legacy on-premises environments to multi-cloud solutions (such as AWS and Azure) to include migrating, building, and managing applications in a Cloud that leverage Platform-as-a-Service (PaaS) Cloud models, serverless computing, software-defined environments, and tooling frameworks.

DoD Secret Clearance required

Secruity + clearance required

• At least 5 years providing input and support to the client to update existing cloud-based AI Platform as a Service (PaaS) system-specific security and privacy plans.
• At least 5 years providing support in the selection, tailoring, and documentation of the security controls (system-specific, hybrid, or common) necessary to protect the system and the client commensurate with risk.
• At least 5 years assisting in the definition and implementation of system security and privacy plans for the cloud-based AI Platform as a Service (PaaS)
• At Least 5 years assisting the client in the implementation of a system-level continuous monitoring strategy.
• At least 5 years assisting in assessing security control implementation to verify proper implementation, they are operating as intended, and meeting the security and privacy requirements for the cloud-based AI Platform as a Service (PaaS) solution.

Ability to obtain a Secret Security Clearance

Preferred Technical and Professional Expertise

• Assist in the development of the cloud-based AI Platform as a Service (PaaS) solution authorization package to include the executive summary, system security and privacy plan, assessment report(s), and the plan of action and milestones.

Experience with the following.

NIST Risk Management Framework (RMF)

Federal Risk and Authorization Management Program (FedRAMP)

Enterprise Mission Assurance Support Service (eMASS)

Army Portfolio Management Solution (APMS)

DoD Information Technology (IT) Portfolio Repository (DITPR)

Assured Compliance Assessment Solution (ACAS)

Security Technical Implementation Guides (STIGs)

Fortify Static code Analyzer (SCA)

Checkmarx Static code Analyzer (SCA)

IBM DS&P

C3.ai AI Platform as a Service (PaaS)

AWS Govt. cloud

VMWare

Citrix