IT Security Manager - Public Sector, Operations

Orlando, FL, United States

BDO USA

BDO delivers assurance, tax, and financial advisory services that are tailored to our clients' industry, unique needs and goals.



Job Information:

BDO is seeking an IT Security Manager who will oversee all aspects of IT security across the Public Sector organization, ensuring compliance with regulatory standards, managing risk, and safeguarding information assets. This role requires an in-depth understanding of industry security frameworks and government compliance requirements, including CMMC, FedRAMP, NIST standards, and STIGs. The successful candidate will lead strategic security initiatives, work collaboratively with IT & business teams, and develop & implement policies to protect our assets. 

Job Duties:

  • Develops, implements, and manages BDO Public Sector’s IT security strategy to ensure comprehensive protection across all assets
  • Ensures compliance with industry security standards and government regulatory requirements
  • Oversees and assesses the implementation of security measures across systems, applications, and networks, particularly in relation to Microsoft Government Community Cloud High (GCC High) and Microsoft Azure Government
  • Conducts regular risk assessments and audits, identifying vulnerabilities and implementing corrective actions, leveraging tools like Microsoft Azure Sentinel and Tenable Nessus
  • Manages the security incident response process, including investigation, mitigation, and reporting
  • Collaborates with internal teams and stakeholders to ensure security best practices are integrated into IT and business processes
  • Develops and delivers training and awareness programs for IT staff and end-users on security protocols.
  • Stays up to date with evolving security threats and compliance requirements to guide proactive security improvements
  • Conducts social engineering testing
  • Completes 40 hours of continuous learning annually (may include professional memberships, forums, lunch and learns, roundtables, online training courses, and maintaining certifications)
  • Prepares and delivers security reports as required
  • Other duties as assigned

Supervisory Responsibilities:

  • Oversees and manages security activities including other security personnel

Qualifications, Knowledge, Skills, and Abilities:

Education:

  • High School Diploma or GED, required
  • Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering, preferred

Experience:

  • Five (5) or more years’ experience with cybersecurity, information technology, software engineering, information systems, or computer engineering, required
  • Experience supporting a federal government contracting organization, preferred
  • Experience with a professional services firm, preferred

License(s)/Certification(s):

  • Certification such as CompTIA Advanced Security Practitioner (CASP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Security Leadership (GSLC), Certified Information Systems Auditor (CISA), or Microsoft Security Architect (SC-100), required
  • Other certifications addressing security, risk management, security engineering, network security, identity & access management, security assessment & testing, or security operations, preferred

Software:

  • Proficiency in Microsoft Office Suites (Excel, PowerPoint, and Word), required; advanced proficiency, preferred

Other Knowledge, Skills & Abilities:

  • Ability to interact effectively with people at all organizational levels within the client organization and in the firm 
  • Excellent verbal and written communication skills
  • Ability to work independently and collaborate within a team environment and with a customer service focus 
  • Ability to follow instructions as directed 
  • Superior organizational skills with the ability to multi-task in a fast-paced, deadline-driven environment
  • Ability to advise stakeholders on enterprise cybersecurity risk management
  • Ability to advise senior management on risk levels and security posture
  • Ability to create system cybersecurity reports
  • Ability to collect and maintain system cybersecurity report data
  • Ability to communicate the value of cybersecurity to organizational stakeholders
  • Ability to establish the enterprise continuity of operations program
  • Ability to apply STIG/SCAP to enterprise systems
  • Ability to determine if vulnerability remediation plans are in place
  • Ability to develop vulnerability remediation plans
  • Ability to support cybersecurity compliance activities
  • Ability to determine if acquisitions, procurement, & outsourcing efforts address cybersecurity requirements
  • Ability to conduct cybersecurity risk assessments
  • Ability to integrate black-box security testing tools into quality assurance processes
  • Knowledge of FAR and DFARS clauses 
  • Knowledge of encryption algorithms
  • Knowledge of cybersecurity laws and regulations
  • Knowledge of cybersecurity policies and procedures
  • Knowledge of cybersecurity principles and practices
  • Knowledge of cybersecurity threats
  • Knowledge of cybersecurity vulnerabilities
  • Knowledge of cybersecurity threat characteristics
  • Knowledge of access control principles and practices
  • Knowledge of authentication and authorization tools and techniques
  • Knowledge of business operations standards and best practices
  • Knowledge of enterprise cybersecurity architecture principles and practices
  • Knowledge of risk management principles and practices
  • Knowledge of vulnerability data sources
  • Knowledge of incident response principles and practices
  • Knowledge of incident response tools and techniques
  • Knowledge of incident handling tools and techniques
  • Knowledge of information technology (IT) security principles and practices
  • Knowledge of system threats
  • Knowledge of system vulnerabilities
  • Knowledge of new and emerging cybersecurity risks
  • Knowledge of network attack vectors
  • Knowledge of hardening tools and techniques
  • Knowledge of encryption tools and techniques
  • Knowledge of penetration testing principles and practices
  • Knowledge of penetration testing tools and techniques
  • Skills in evaluating security products
  • Skills in creating system security policies

Join us at BDO, where you will find more than a career, you’ll find a place where your work is impactful, and you are valued for your individuality. We offer flexibility and opportunities for advancement. Our culture is centered around making meaningful connections, approaching interactions with curiosity, and being true to yourself, all while making a positive difference in the world. 

At BDO, our purpose of helping people thrive every day is at the heart of everything we do. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients, and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first, by sharing financially in our growth in value with our U.S. team.  BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.

BDO is the first large accounting and advisory organization to implement an Employee Stock Ownership Plan (ESOP). A qualified retirement plan, the ESOP offers participants a stake in the firm’s success through beneficial ownership and a unique opportunity to enhance their financial well-being. The ESOP stands as a compelling addition to our comprehensive compensation and Total Rewards benefits* offerings. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm’s success, with no employee contributions. 

We are committed to delivering exceptional experiences to middle market leaders by sharing insight-driven perspectives, helping companies take business as usual to better than usual. With industry knowledge and experience, a breadth and depth of resources, and unwavering commitment to quality, we pride ourselves on:

  • Welcoming diverse perspectives and understanding the experience of our professionals and clients
  • Empowering team members to explore their full potential
  • Our talented team who brings varying skills, knowledge and experience to proactively help our clients navigate an expanding array of complex challenges and opportunities
  • Celebrating ingenuity and innovation to transform our business and help our clients transform theirs
  • Focus on resilience and sustainability to positively impact our people, clients, and communities
  • BDO Total Rewards that encompass so much more than traditional “benefits.”

*Benefits may be subject to eligibility requirements.

Equal Opportunity Employer, including disability/vets



Tags: Audits Azure CASP+ CISA CISM CISSP Cloud CMMC Compliance CompTIA Computer Science DFARS Encryption FedRAMP GIAC Incident response Nessus Network security NIST Pentesting Risk assessment Risk management SCAP Security assessment Security strategy Sentinel STIGs Strategy Vulnerabilities

Perks/benefits: Career development Equity / stock options Startup environment

Region: North America
Country: United States
