Execute the day-to-day management of the Enterprise Cyber Security (ECS) activities and of Booz Allen’s cybersecurity strategy. Report to the Chief Information Security Officer (CISO) and interact with other senior leaders, members of the board of directors, and other stakeholders as necessary. Collaborate with technical staff and understand governance, risk mitigation, and technical controls. Establish and implement highly effective policies, firm protocols, and security frameworks and promote appropriate collaboration among ECS and Information Security (IS) stakeholders, teams, and structure while growing, managing, and overseeing the ECS team. Work with the CISO and Chief Information Officer in determining acceptable levels of risk for the company and oversee incident response. Work with outside partners or consultants as required to meet independent security audit needs; manage outside security partners, stakeholders, vendors, and solutions providers working on security implementations.
This position is open to temporary remote delivery anywhere within the U.S., to include the District of Columbia.
15+ years of experience in Information Security Programs
5+ years of experience in managing Information Security team staffing, contracting, budgeting, vendors, and security programs and projects
Experience with interfacing with senior executives at the business leader level and communicating complex cybersecurity concepts in business-relevant ways
Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning
Experience with performing multifaceted projects in conjunction with normal activities
Knowledge of common information security management frameworks, including NIST
Knowledge of enterprise systems, cloud solutions, and IT security technologies
Ability to obtain a security clearance
BA or BS degree
CISSP, CISM, or other security certifications
Experience as a thought leader and a team player
Ability to maintain awareness of cybersecurity industry trends, evaluate solutions and techniques, and remain aware of new and emerging threats
Ability to conduct presentations to and collaborate with firm stakeholders to raise awareness of security risk management concerns
Ability to work with full confidentiality and a high level of personal integrity
Possession of excellent verbal and written communication skills, including the ability to draft and deliver technical reports, presentations, and correspondence
CRISC, CISA certifications
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.