Senior Director Security and Compliance
Atlanta, GA, United States
Full Time Senior-level / Expert Clearance required USD 63K - 147K *
Scientific Research Corporation
About Us
Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients.
SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity or a related field and 17 years of work experience in security for an Information Technology (IT) organization
- At least 5 years of experience must be in delivering business results in the areas of IT Operations, IT Security and compliance in an organization with at least 1000 employees
- 5 years of experience conducting operational planning and analysis to define security policies, procedures and solutions that support compliance and business objectives
- 5 years of experience leading strategic security initiatives
- 5 years of experience overseeing the security of systems, networks, and enterprise information, including involvement in developing and/or executing an Incident Response Plan
- Extensive working knowledge of NIST SP 800-53 and/or 800-171/171A
- Demonstrated analytical, problem-solving, and decision-making skills, with the ability to identify and resolve complex and sensitive compliance issues
- Strong understanding of information security principles, practices, and technologies, including network security, application security, cloud security and endpoint security
- Evidence of a strong understanding of Enterprise IT and cybersecurity principles, risk management, and compliance best practices, as well as experience with cybersecurity tools and technologies
- Proven track record of leading and managing cybersecurity initiatives and teams
- Excellent communication, presentation, and interpersonal skills, with the ability to communicate effectively with different audiences and levels of authority
- Proven success obtaining support and providing change management for new initiatives
- Ability to manage and prioritize tasks and projects
- Strong organization skills, attention to detail and the ability to work multiple tasks simultaneously
- Proven career progression with increasing levels of responsibility
Desired Skills
- Working knowledge of DFARS 252.204-7008/7012/7019/7020/7021 and Cybersecurity Maturity Model Certification (CMMC)
- Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP)
- Experience working in Microsoft O365 hybrid environment
- Familiarity with cloud security and emerging technologies
- Experience architecting information systems and networks to meet requirements for performance and security
- Knowledge of zero trust architecture
- Prior experience as a DoD contractor
Description
The Senior Director of Information Security and Compliance will be the principal representative and accountable leader for all corporate information security-related matters. This role is responsible for overseeing and implementing comprehensive cybersecurity programs (policies, procedures, and assessments) that achieve compliance with NIST SP 800-171, DFARS clauses, and CMMC. Due to the technical nature of SRC’s work, success requires a technical leader with experience architecting, implementing, and maintaining cybersecurity infrastructure. This Senior Director will ensure the organization's information assets are protected and compliant, required reporting is accomplished and certifications are achieved. Primary duties, responsibilities and essential job functions are as follows:
- Manage a comprehensive security program aligned with SRC’s objectives and regulatory environment
- Develop, implement, and maintain cybersecurity policies and procedures in compliance with NIST SP 800-171, CMMC, FAR and DFARS
- Provide expert security guidance and compliance and security program oversight; oversee security/compliance assessments, including gap analysis, System Security Plan (SSP) development/maintenance, and Plan of Action and Milestones (POA&M); and perform remediation planning
- Communicate effectively with different audiences and levels of authority
- Apply consultative and leadership skills to build productive relationships with internal customers and team members
- Lead and manage the enterprise security team, providing oversight, direction, expertise, and mentoring
- Lead the design, implementation, and management of cybersecurity infrastructure to meet requirements of USG contracts, including assisting project teams in addressing requirements and security challenges
- Work with Contracts and Procurement Departments to develop a vendor and supply chain cybersecurity management program
- Assist with business development by working with capture managers to understand and define business and technology needs, and provide subject matter expertise to align services with compliance requirements
- Collaborate with cross-functional teams to ensure cybersecurity measures are integrated into all aspects of the organization's business and operations
- Coordinate incident response and recovery efforts
- Regularly present to the executive team on current security posture, priorities, tactical approaches, completion timelines and dependencies
- Develop and manage the security operations annual budget ensuring the appropriate level of protection and staffing while managing cost efficiency
- Stay current with emerging cybersecurity trends, threats, and technologies to ensure the organization remains at the forefront of federal cybersecurity practices
- Identify and implement improvements to increase efficiency of the compliance program and processes
Clearance Information
SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AND ELIGIBILITY FOR A U.S. GOVERNMENT SECURITY CLEARANCE AT THE SECRET LEVEL.
Diversity & Inclusion
We strongly believe in the abundance of differences among individuals. We value different points of view and appreciate diverse perspectives. We truly believe this is what makes our organization inclusive and more responsive to the needs of our diverse customers.
EEO
Scientific Research Corporation is an equal opportunity and affirmative action employer that does not discriminate in employment.
All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, or protected veteran status.
Scientific Research Corporation endeavors to make www.scires.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact jobs@scires.com for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security CISA CISM CISSP Clearance Cloud CMMC Compliance Computer Science DFARS DoD Endpoint security Incident response Network security NIST NIST 800-53 POA&M Risk management Security Clearance System Security Plan Zero Trust
Perks/benefits: 401(k) matching Career development Flex vacation Health care Insurance Medical leave