Cyber Security Lead

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities

Octo, an IBM company, is an industry-leading, award-winning provider of technical solutions for the federal government. At Octo, we specialize in providing agile software engineering, user experience design, cloud services, and digital strategy services that address government's most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.

Our team is what makes Octo great. At Octo you'll work beside some of the smartest and most accomplished staff you'll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission critical work for our government. Voted one of the region’s best places to work multiple times, Octo is an employer of choice!

Cyber Security Lead

Octo, an IBM company, is an industry-leading, award-winning provider of technology solutions for the federal government. At Octo, we specialize in providing agile software engineering, user experience design, cloud services, and digital strategy services that address the government's most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.

Our team is what makes Octo great. At Octo, you'll work beside some of the smartest and most accomplished staff you'll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission-critical work for our government. Voted one of the region’s best places to work multiple times, Octo is an employer of choice!

You…

As a Cyber Security Lead at Octo, you will join an Agile development program in support of the development of a new high-priority, mission-critical application at the General Services Administration (GSA). This individual will lead other cybersecurity specialists and analysts to support delivering and sustaining reliable, scalable, and high-performance applications. This cross-functional role will work closely with development team members and various GSA and external stakeholders, including many at the leadership level. They will apply their skills and experience to provide the support and expertise needed to get cloud-based applications to GSA customers and keep them compliant with Federal and GSA security requirements.

Us…

We were founded as a fresh alternative in the Government Consulting Community and are dedicated to the belief that results are a product of analytical thinking and agile design principles and that solutions are built in collaboration with, not for, our customers. This mantra drives us to succeed and act as true partners in advancing our client’s missions.

Program Mission…

This program will support the GSA Information Technology mission, providing development and operational support for new and existing legacy mission-enabling applications. Your team on the program will have a direct say in your participation in the design and implementation of a mission-critical application that integrates with other GSA systems and impacts GSA employees and public users, starting at the design phase to include the development, implementation, and maintenance of a technology roadmap. We are digitizing information and processes for improved implementation, leveraging modern tools and low code/no code for reusability and faster delivery.

Responsibilities:

• Lead and support the daily cross-functional operational readiness of GSA’s shared Salesforce.com platform and other Low-code/no-code environments.

• Manage project cyber security team to meet on-going KPI and delivery metrics.

• Applies experience and knowledge of NIST Risk Management Framework (RMF) and how Federal agencies apply this to secure their information systems.

• Applies experience and knowledge with the Assessment and Authorization (A&A) process, including Authority To Operate (ATO) packages and their alignment with RMF processes.

• Coordinates FedRAMP authorization on behalf of GSA, including intake, kickoff, Work Breakdown Structure (WBS), remediation, and Authority to Operate (ATO).

• Builds out Implementation Plan, Security Test Results, and Evidence management.

• Responsible for Plan of Action and Milestone (POA&M) development, which includes any necessary remediation.

• Drafts Standard Operating Procedures (SOPs) for user account provisioning and end-user controls (GSA responsibility).

• Updates technical security specs within the ATO packages to accurately reflect new information.

• Supports Authorizing Official System Brief (AOSB) development regarding successes, POA&Ms, and all stakeholder input.

• Coordinates Incident Response Plan (IRP), and Memorandum of Understanding/Information System Agreement (MOU/ISA) development, including all final signatures.

• Facilitates (Incident Response Plan) IRP Tabletop exercises.

• Ensures detailed and efficient hand-off to the Implementation team.

• Works to maintain compliance for SaaS Systems in Continuous Monitoring through reauthorization.

• Continuously maintains the GSA’s ATO security controls.

• Tracks document expiration. Identifies items approaching expiration and proactively works to complete new versions of those documents and upload them as artifacts.

• Completes POA&M remediation actions and updates.

• Creates monthly POA&Ms for each ATO package to reflect the status of monthly vulnerability scans conducted by Vendor and GSA-responsible controls.

• Implement Annual Assessment SOP requirements, validate prescribed controls, and update reauthorization annually.

• Supports Authorizing Official System Brief (AOSB) development regarding successes, POA&Ms, and all stakeholder input to the system going up for reauthorization.

• Experience in Agile methodologies with an emphasis on testing practice.

• Ability to communicate in a clear and concise manner.

• Ability to take initiative on assigned projects/tasks and work with minimal supervision.

• Partner cross-functionally on platform innovation and DevOps maturity.

• Collaborating with internal and client staff in identifying, planning, executing, tracking, and reporting all activities for security and compliance-related activities.

  Years of Experience: 9+ years of related experience preferred. Education may be substituted for experience.

  Education: BA/BS degree preferred.

  Location: Remote within the United States.

  Clearance: Ability to obtain a government clearance.

Required Technical and Professional Expertise

• Bachelor’s Degree in information systems, Computer Science, or related field required, OR 4 years of demonstrated work experience in the specific field.

• Must have at least five years of related cyber security experience, with two years in leadership, preferably for a Federal or government agency.

• Proven experience leading a remote cyber security team.

• Strong conceptual understanding of how and when to apply NIST SP 800-53 security controls for information systems.

• Working knowledge of the software development life cycle (SDLC) for SaaS applications.

• Excellent professional verbal and written communication and technical documentation skills.

• Ability to read technical documentation and identify alignment and/or conflict with process requirements and policies. Ability to translate these findings into customer communications along with action items to resolve potential issues.

• Ability to prioritize and work on multiple projects and initiatives simultaneously and adapt to changes in requirements, priorities, and deadlines.

• Strong analytical and organizational skills, including strong attention to detail.

• Strong interpersonal skills and ability to work collaboratively in a dynamic team environment.

• Superb soft skills, including gaining the trust of stakeholders and senior management and negotiating priorities with external teams.

• Must be able to use a computer.

• Must be able to obtain a government security clearance.

• Must be eligible to work in the United States.

• Must have fast and reliable internet service that allows for effective telecommuting.
  Clearance: Ability to obtain a government clearance.

Preferred Technical and Professional Expertise

• Experience working with cybersecurity management tools.

• Prefer industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or Certified Ethical Hacker (CEH).

• Experience supporting GSA.

• Experience working in the government sector.

• SAFe Agile and QA Certifications

IBM Consulting is IBM’s consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients’ businesses through the power of collaboration. We believe in the power of technology responsibly used to help people, partners and the planet.

In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.

Being an IBMer means you’ll be able to learn and develop yourself and your career, you’ll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.

Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.

Are you ready to be an IBMer?

IBM’s greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we’re also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business. At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it’s time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.

IBM offers a competitive and comprehensive benefits program. Eligible employees may have access to: - Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being - Financial programs such as 401(k), the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long- term disability coverage, and opportunities for performance based salary incentive programs - Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law - Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals - Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year. This position was posted on the date cited in the key job details section and is anticipated to remain posted for 21 days from this date or less if not needed to fill the role. We consider qualified applicants with criminal histories, consistent with applicable law. IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship.

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.