Draper Associate Director, Enterprise Cybersec Group in Cambridge, Massachusetts
Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 1,800 employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.
Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.
Equal Employment Opportunity
Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact firstname.lastname@example.org.
The AD, Enterprise Cybersec Group will perform work for multiple Department of Defense (DoD) programs. This is a senior role in a multi-tasking environment that demands customer service, communication, and organizational skills. The Senior ISSM will work under the direction of the Director of Classified Program IT Operations. Directly manage a staff of 4-8 people: COMSEC Team, Automations Expert, Policy/Procedures Expert, CONMON manager and potentially more members over time. Performs overall management responsibilities including mentoring, training, and performance development. Collaborate with and in support of IT Engineering/Systems Administrations. Candidate must be a self-starter capable of multitasking and efficiently managing their time in a dynamic, deadline driven environment without appreciable direction. Additionally, candidate must possess excellent writing, speaking, analytical, project management, organizational, and customer service skills that will assist them in contributing to and deciphering organizational objectives and translating them into solutions for complex technical compliance and security strategies and challenges
· Serves as a Subject Matter Expert (SME) on securing Federal information systems (IS)
· Develop, Mentor, Coach and advise ISSM’s, ISSO’s and other technical staff
· Create and chair the CPITO policy review board
o Partner with functional area leads to standardize and optimize policies and procedures across the CPITO organization and coordinate with Procurement, Security, HR, and other groups across Draper to ensure compliance with DOD regulations
o Review eMASS submissions for accuracy and consistency
o Develop and review weekly/monthly/yearly information assurance audits and ensure compliancy to NIST 800-53 Medium Low Low (MLL) baselines
· Develop and maintain a Common Control Package
· Work with functional area leads to ensure continuous monitoring (ConMon) and self-inspection programs related to cybersecurity are implemented and effective
· Manage COMSEC activities
· Create and maintain standards and SOPs, ensure standards are met.
· Responsible for creating educational material and conducting training for the Cybersecurity and Privileged User staff. Utilize in-house and external training content to the creation, maintenance, securing and auditing of Linux and Windows operating systems
· Conduct Self-assessments and action findings
· Manage IA staff in Draper’s remote locations that support multiple business lines
· Research and recommend integrated security solutions in collaboration with technical SMEs for multiple classified IS consisting of various technologies and operational environments
· Engage with various regulatory agencies through industry groups and other forums to ensure Draper's needs and views regarding cybersecurity are represented
· Interact with government agencies to obtain rulings, interpretations and acceptable deviations for compliance with regulations
· Devise, maintain, analyze and report metrics for analysis to evaluate effectiveness of the classified systems cybersecurity activities
· Other duties as assigned in support of a fast and accurate methodology for submitting timely and accurate ATO packages
· Develop efficiencies anywhere within CPITO/ITS
· Investigate security incidents to include data spills, data integrity incidents, and malicious code incidents. Conduct TTX’s and AAR’s
· Participate in various committees and working groups spanning Draper such as Insider Threat, Supply Chain, Business Continuity/Disaster Recovery, etc.
· TS Clearance
· DODI 8570 IAM-III Certified
· More than 10 years of experience as a manager of ISSO’s and ISSM’s implementing NISPOM Chapter 8, DAAPM, DIACAP/NIST RMF, JAFAN 6/3, DCID 6/3, ICD 503, and/or JSIG IS requirements
· Familiarity with Windows & Linux operating systems, and various logging and audit tools
· Expert knowledge of eMASS
· Familiarity with C2G/C2C interconnected systems and/or Unified/Enterprise Wide Area Network (WAN) environments such as Secure Internet Protocol Router Network (SIPRNet).
· TS/SCI w/ poly or willingness to take a poly
· SAP Experience
** Draper has implemented a mandatory COVID-19 vaccination requirement for all Draper employees. This will be a condition of employment to work at Draper.
External Company Name: The Charles Stark Draper Laboratory Inc