This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

This position falls under the umbrella of Sawdey's Managed Services Division (MSD). Sawdey MSD is a full-service Managed Service Provider (MSP)/Managed Security Service Provider (MSSP) providing IT and/or cybersecurity services to a variety of different clients (defense/government contractors, municipalities, non-profits, commercial organizations, etc.).

The Information Security Manager will plan, design, implement, and maintain client cybersecurity programs that meet all requirements of the CIA triad: Confidentiality, Integrity, and Availability. This position requires someone who works with minimal supervision. It is essential for this team member to deliver outstanding client service, expert problem solving, communicate effectively, and contribute positively to the Team.

• Support MSD work/contracts inclusive of risk analysis, project management, strategic planning, incident response, asset management, and overall client management.
• Lead and guide clients in developing and maintaining a comprehensive cybersecurity strategy aligned with regulatory standards (e.g., CMMC, NIST 800-171, ISO 270001, etc.).
• Create, establish, and maintain extensive information security standards, policies, and procedures.
• Support all aspects of Sawdey clients' CMMC efforts to include providing CMMC advisory services and ongoing cybersecurity programmatic maintenance activities.
• Generate daily, weekly, and monthly compliance reports and review such reports for anomalies or issues.
• Develop implementation plans that meet project goals and security requirements.
• Serve on Sawdey MSD clients' Change Approval Boards and Risk Management Boards.
• Conduct thorough risk assessments to identify and remediate vulnerabilities, threats, and potential impacts on client operations.
• Review security logs to identify risks, security threats, and configuration errors.
• Lead clients' security and compliance-related inquiries (e.g., insurance/cybersecurity questionnaires, risk assessments, incident response, CMMC assessments, etc.).
• Lead client's Incident Response (IR) activities and provide ongoing IR training.
• Leverage Artificial Intelligence (AI) to streamline processes and produce better outcomes for clients.
• Serve as respective clients' main or secondary POC and lead teams to complete project tasks as efficiently, securely, and timely, as possible.
• Translate cybersecurity jargon into non-technical language to assist executive teams in understanding risks and requirements associated with their cybersecurity.
• May assist in hiring, onboarding, and training new IT resources in support of Sawdey MSD.
• Work across departments/clients providing IT expertise for defining project requirements, proposals, cybersecurity program documentation, licensing support, etc.
• Stay current on new industry specific technologies as it relates to the position.
• Communicate and collaborate with clients and colleagues in a professional, respectful, and timely manner.
• Meet with current or prospective clients to assist in evaluating potential project work and/or ongoing support services.
• Continually evaluate and recommend changes for improvement for client systems.
• Provide project status updates and/or overall client status updates to MSD Leadership.
• May prepare both internal and client briefs.
• Understand and adhere to Cybersecurity Maturity Model Certification (CMMC) requirements and policies.
• May serve as a mentor to fellow Sawdey MSD team members.
• Participate in an on-call rotation.
• Perform other duties, as assigned.

Qualifications

• Five (5) + years of IT-related experience.
• Must have experience and a good understanding of cybersecurity frameworks and regulations, including, but not limited to National Institute of Standards and Technology (NIST) Special Publications (SP), International Organization for Standardization (ISO), and Health Insurance Portability and Accountability Act of 1996 (HIPAA).
• Must have experience working with at least some of the following:
  • Microsoft 365
  • Azure IaaS, PaaS, SaaS Services
  • Microsoft Defender
  • Windows Server
  • VMWare
  • Duo
  • CrowdStrike
  • Veeam
  • Vulnerability Scanning and Management
  • Configuration Management and Maintenance
  • IT and Compliance Documentation
  • Client, Project, and Ticket Management

Education Requirements

• Bachelor's degree in an IT-related field preferred, but not required.

Certificate, License, and Registration Requirements

• One or more of the following certifications are desired, but not required:
  • CMMC Certified Professional (CCP)
  • Certified Information Systems Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Microsoft Certified: Cybersecurity Architect Expert
  • Microsoft 365 Certified: Enterprise Administrator Expert
  • Microsoft Certified: Azure Administrator
  • CompTIA Security+
• If the candidate doesn't have the CCP certification, the individual will be required to attend CCP training in the first 3 months and pass the CCP exam within the first 6 months of employment.

Other Required Skills & Abilities

• Must be able to effectively communicate with customer and fulfill all duties and responsibilities as listed in the contract.
• Must be proficient in Microsoft Office suite including, but not limited to: Word, PowerPoint, Excel, and Outlook.
• Must be able to communicate and collaborate with corporate employees, clients, and colleagues in a professional, respectful, and timely manner.
• Must have daily and accurate time entry accounting for all service and non-service tasks.
• Must be able to articulate technical information to non-technical people.
• Must be self-motivated and self-directed with the ability to work with minimal direction and oversight.
• Must be able to pay very close attention to detail.
• Must be able to participate in an on-call rotation.
• Must be able to use personal smartphone device on an as-needed basis to perform job-related tasks such as supporting an on-call rotation, accessing Microsoft Teams and Outlook, and enabling/signing into multi-factor authentication (MFA) applications.
• Please Note: Incoming and Outgoing calls are made via an assigned extension in Microsoft Teams desktop. There is no requirement to use a personal smartphone device to support phone calls.

Security Clearance Requirements

• Background Check

US Citizenship Requirements

• To comply with CMMC requirements, as well as U.S. Government contracts, U.S. citizenship is required.