Chief Information Security Officer
Overview
LMI is a consultancy dedicated to powering a future-ready, high-performing government, drawing from expertise in digital and analytic solutions, logistics, and management advisory services. We deliver integrated capabilities that incorporate emerging technologies and are tailored to customers’ unique mission needs, backed by objective research and data analysis. Founded in 1961 to help the Department of Defense resolve complex logistics management challenges, LMI continues to enable growth and transformation, enhance operational readiness and resiliency, and ensure mission success for federal civilian and defense agencies.
Responsibilities
The LMI Chief Information Security Officer (CISO) will be responsible for securing the organization’s information systems, ensuring compliance with government regulations, and managing cybersecurity risks. The CISO drives implementing and running the enterprise Cybersecurity function from strategy and to implementation to thought leadership. This will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks and information assets while supporting and advancing business objectives. The CISO position requires a visionary leader with sound knowledge of Federal government contractor business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. He or she will proactively work with the CIO, CTO, business units and stakeholders to architect and implement practices and solutions that meet agreed-on policies and standards for information security.
Responsibilities:
- Develops and implements cybersecurity strategies that aligns with the LMI’s goals, business objectives and government security requirements.
- Establishes governance frameworks including policies, procedures, and governance structures to ensure cybersecurity is managed consistently across the organization.
- Regularly briefs executive leadership on the security posture, plans, and emerging threats.
- Ensures compliance with federal regulation and standards, but not limited to, the following: International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT, NIST SP 800-53 (Risk Management Framework), NIST SP 800-171 (Controlled Unclassified Information), CMMC (Cybersecurity Maturity Model Certification), FISMA (Federal Information Security Management Act)
- Prepares the organization for and leading audit readiness, audits, and certifications related to government cybersecurity compliance.
- Identifies and manages cybersecurity risks, including third-party risks, insider threats, vulnerability assessments, incident response and recovery, and supply chain vulnerabilities.
- Ensures LMI’s information systems and data is protected and implements robust access controls, encryption standards, and other technical security measures on sensitive and classified information and secures, including securing our cloud environments.
- Manages LMI’s security operations and oversees security operations centers (SOCs) and ensuring continuous monitoring, detection, and response to security threats, including threat intelligence and monitoring and incident handling.
- Threat intelligence and monitoring: Staying informed on new cyber threats and deploying countermeasures to mitigate them.
- Collaborates with government entities and serves as the liaison between the contractor and government agencies for security matters, including audits, reporting, and remediation efforts, including ensuring timely incident reporting to agencies such as the Department of Defense (DoD), Department of Homeland Security (DHS), or other relevant bodies.
- Implements cybersecurity awareness and training programs across the organization, particularly for employees handling sensitive or classified information.
- Manages third-party and supply chain security with ensuring subcontractors, third-party vendors, and solution providers adhere to cybersecurity requirements, including NIST SP 800-171 and CMMC
- Develops, tests and communicates business continuity and disaster recovery (BC/DR) plans
- Allocates and manages the budget for cybersecurity initiatives, tools, and staff.
- Manages a cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews
Qualifications
Required Qualifications:
- Demonstrated experience and success in leadership roles in information security, risk management, and IT or OT security.
- Knowledge of information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
- Demonstrated experience leading support and response to external security audits.
- Degree in a STEM field (business IT related program), or equivalent work- or education-related experience.
- 10+ years of experience in cybersecurity or information security roles, with increasing levels of responsibility.
- Experience designing and implementing cybersecurity architectures, including secure network and system design, encryption, access control models, secure SDLCs, and securing cloud environments that handle government data, such as FedRAMP-authorized cloud services.
- Familiarity with firewalls, intrusion detection systems (IDS), endpoint protection, data loss prevention (DLP), and vulnerability management.
Preferred Qualifications:
- Graduate degree in a STEM field, or an IT Security or Cybersecurity program.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
- Experience establishing a Cyber Supply Chain Risk Management program.
- Previous experience as a corporate CISO or head of a Cybersecurity practice.
- Experience with federal agencies working directly with or for U.S. federal agencies, such as the Department of Defense (DoD), Department of Homeland Security (DHS), or other relevant entities.
- TS/SCI with Full Scope Polygraph (or, if not, then TS/SCI with CI Polygraph).
- Experience maintaining IL6, SCIF, and SAP environments.
- Demonstrated ability to lead and motivate even when"dotted line" reporting lines exist.