ENTERPRISE INFORMATION SECURITY ARCHITECT - Military Veterans
at Navy Exchange Service Command
Job Summary: Serve as Information Security Architect with responsibility of developing and maintaining the enterprise architecture of NEXCOMs Security and BCDR programs. Includes working with stakeholders both leadership and subject matter experts to build a holistic view of NEXCOMs strategy processes information and information technology assets. Coordinates the NEX business need with DOD security and business continuity requirements to form a full roadmap for the future. Defines the configurations necessary for fail over to remote disaster recovery site.
Duties and Responsibilities: Incumbents of this position must be U.S. Citizens. Responsible for the design development implementation and or integration of a DoD IA Information Assurance architecture system or system component for use within the NEXCOM enterprise. Performs risk analyses for functional areas to identify points of vulnerability single points of failure and identifies risk avoidance and mitigation strategies. Advises NEXCOM on the specific data technologies that support or enhance the organization for the long term strategic responsibilities of NEXCOM IT systems. Designs develops reviews and implements system security measures that provide confidentiality integrity availability authentication and nonrepudiation. Designs develops reviews and implements security designs for new or existing technology systems. Ensure that the design of hardware operating systems and software applications adequately address IA security requirements for the computing environment. Provides system related input on IA security requirements to be included in statements of work and other appropriate procurement documents. Ensures security deficiencies identified during security certification testing have been mitigated corrected or a risk acceptance has been obtained by the appropriate authorized representative. Ensures that the implementation of security designs properly mitigate identified threats. Develops and maintain the organizations enterprise architecture alignment of IT security strategy incorporating NEXCOMs business goals. Ensures compliance of artifacts to NEXCOM enterprise Information Assurance and BCDR standards. Familiar with regulatory requirements such as DIACAP PCI PII SOX. Participates in enterprise strategy development including environmental analysis opportunity identification value cases and business innovation portfolio development regarding all areas of IT security and BCDR functions. Documents system security design features and provide input to implementation plans and standard operating procedures. Conducts advanced technical research including market research of solutions based on vendor supplied documents. Based on current and future business requirements define configurations necessary for a disaster recovery site. Installs configure and maintain Governance Risk and Compliance toolset. Plans for future growth and resource needs by consulting with system administrators and other computing technical professionals recommending and providing security principle guidance and direction. Investigates and understands the IT threat potentials and provide insight on specific IA threat concerns to NEX components and recommends mitigation or prevention best practices. Ensures implementation of the rigorous application of Information Security Information Assurance policies principles and practices in the delivery of Systems Applications and or Services Hardware Software. Perform other related duties as assigned. Information Assurance Workforce Certification IAM2 jobs SECNAV M5239.2 DoN Information Assurance IA Workforce Manual requires incumbents of this position to possess and maintain current one of the following certifications GIAC Security Leadership Certification GSLC Certified Information Security Manager CISM or Certified Information Systems Security Professional CISSP. NEXCOM preferred certification is GIAC Security Leadership Certification GSLC. Candidate without the required certification may be placed into this position but must obtain the required certification within 6 months of appointment failure to obtain this requirement will result in termination of employment. This position is designated IT1 CriticalSensitive in accordance with SECNAV M5510.30 and will require favorable Single Scope Background investigation SSBI. Candidates must be eligible for and obtain a Top Secret Clearance within 6 months of appointment. Failure to obtain such will result in termination of employment.
Qualified candidates must be U.S. Citizens.
GENERAL EXPERIENCE 3 years experience in administrative technical or investigative work which demonstrated the ability and aptitudes required to perform technical managerial or analytical work involving management information systems.
OR SUBSTITUTION OF EXPERIENCE FOR EDUCATION One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelors degree in software engineering or business information systems for 3 years of general experience. AND
SPECIALIZED EXPERIENCE Five years of experience in at least two of the following Technical analysis for infrastructure architecture Disaster recovery design methodology IT security compliance and reporting Technical risk analysis Enterprise Architecture This position is designated IT1 Critical Sensitive in accordance with SECNAV M5510.30 and will require favorable Single Scope Background investigation SSBI. Candidates must be eligible for and obtain a Top Secret Clearance within 6 months of appointment. Failure to obtain such will result in termination of employment.
Virginia Beach, VA
The Navy Exchange Service Command (NEXCOM) is headquarters for the worldwide NEXCOM Enterprise. Our mission is to provide authorized customers with quality goods and services at a savings and to support quality of life programs for active duty military, retirees, reservists and their families.
NEXCOM oversees six primary business programs:
- Navy Exchange (NEX) Retail Stores and Services
- Navy Lodge Program
- Uniform Program Management Office (UPMO)
- Navy Clothing Textile and Research Facility (NCTRF)
- Ships Stores Program
- Telecommunications Program Office (TPO)