Information Systems Security Officer

Company Overview: Satcom Direct (SD) provides global connectivity solutions for business and general aviation, military, government, and land mobile services. Since 1997, SD has worked to solve the unsolvable and advance the technology of connectivity through our industry-leading hardware and flight operations software. Our company culture is based on innovation and creativity which allows our team members to thrive in a dynamic atmosphere. We are looking for people who are passionate about customer satisfaction and who excel in a constantly changing environment. Satcom Direct offers a highly competitive benefits package. Our global headquarters offers an on-site gym staffed with personal trainers, a café, food trucks, social hour, and more. With an open vacation policy, employees have the flexibility to take time when they need it. SD is centrally located on the beautiful Space Coast in Viera, FL, which is one of the Top 50 Master-Planned Communities in the United States.

JOB SUMMARY:

This position may be involved in research and development efforts for 20-30% of their time annually. The Information Systems Security Officer leads the execution of company and network compliance for SD’s Military/Government group. The ISSO is responsible for providing security planning, risk assessment and analysis, risk management tasks and activities to ensure Satcom Direct Government (SDG) information system(s) meets information security assurance requirements. To ensure SDG reaches its compliance goals for SDG’s CMMC, NIST, and IA-Pre compliance, the ISSO will be responsible for integrating people, processes, and technologies associated with SDG’s information systems, applications, and data. This role is responsible for ensuring compliance with current and future contractual and regulatory security requirements along with supporting client engagements related to the security of SDG products and services.
This role operates and works closely with Information Security, Information Technology, and both SD and SDG business units to align organization security policies and standards to strategic goals and reduce risks to an acceptable level that fosters technology transformation and innovation.

ESSENTIAL DUTIES/RESPONSIBILITIES:

Security Governance/Risk
· Assist with security management of the information system(s).
· Evaluate technology solutions to ensure they meet security requirements.
· Support configuration management (CM) for information system security software, hardware, and firmware.
· Assess and manage the security impact of changes.
· Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, C&A Packages, etc.
· Provide support to maintain the appropriate operational IA posture for a system, program, or enclave.
· Develop and update the system security plan and other IA documentation.
· Works with various business units to identify, define, and confirm the key risks to the organization’s information assets, internally and externally.
· Researches and formulates information security policies, plans, and procedures for SDG.
· Understands key business processes, systems, applications, and the latest knowledge in information security techniques across multiple platforms and environments.
· Works with all employees to ensure that all policies and procedures are effectively implemented and with management to ensure these are communicated.

Compliance and Audits
· Perform vulnerability and risk assessment analysis to support certification and accreditation (C&A).
· Develop and maintain documentation for C&A.
· Responsible for implementing, supporting, and maintaining the company security posture, and will ensure that SDG’s programs and policies comply with local governmental and industry regulatory standards to include, but not limited to, DFARS, CMMC, NIST 800-171, IA-Pre, etc.
· Draft, modify and implement documentation relating to ensuring compliance, such as System Security Plans (SSPs), and Risk Assessment Reports.
· Coordinates the review and measurement of relevant security system logs and messages to identify and report on possible violations of security policy or standards.
· Develops security awareness procedures and training and ensures communication to management regarding compliance.
· Assess the business’s future ventures and contracts to identify possible compliance risks.

Security Operations
· Develops a management control program that proactively identifies threats to the organization, conducts periodic risk assessment and information security reviews, and formulates the management response to audit and/or regulatory information security findings.
· Evaluating the efficiency of controls, ensuring continuous improvement.
· Coordinates, documents, and reports on internal investigations of possible security violations.
· Assist in budget development, personnel recruitment, retention, development, and training.

Security Architecture
· Participates with IT teams to design, implement, test, and operate critical network and security related systems furthering global defense in depth strategies.
· Assists in defining government security requirements in the procurement/retirement and/or development/deployment of hardware, software, and application systems. Analyzes, selects, recommends, and coordinates installation of information security technology with all relevant stakeholders.
· Develops and implements tests of computer systems to monitor effectiveness of security through penetration and vulnerability assessments.
· Coordinates with internal and external technology business units to align strategies across the enterprise and portfolios.

GENERAL QUALIFICATIONS, AND EXPERIENCE:

An equivalent combination of education or experience may be considered.
· Bachelor’s or Master’s degree in Information Systems, Information Security or equivalent.
· A minimum of eight (5) years’ experience in IT / Information Security is required.
· A minimum of three (3) years’ experience as an ISSE or ISSO for a multinational organization.
· Advanced knowledge and experience in security frameworks/standards including (NIST 800-53, 800-171, ISO 27001/2, CMMC, NIST RMF, etc.).
· Must have working knowledge of and understanding of key security concepts such as access management, vulnerability, and patch management, SIEM, network threats and encryption.
· Program Management experience is desired.
· Desired knowledge or experience in satellite communications, aviation software/connectivity.

EDUCATION, KNOWLEDGE AND SKILLS:

To be successful in this global role, the candidate must have a strong understanding of cybersecurity (be considered very technical), have thorough understanding of security technologies and security best practices, be able to directly manage a global cybersecurity crisis, have extensive experience in a large distributed global enterprise, have strong people skills and be able to effectively communicate with stakeholders at all levels in the organization.

PHYSICAL DEMANDS:

While performing general office duties for this position, the employee is regularly required to sit, stand and/or walk around (including the use of stairs). Other demands include the ability to openly communicate with others by talking, listening and reading, able to lift light objects (