About MVM, Inc.
Service, Support, and Success are the pillars upon which MVM’s founders built the company, and they continue to serve as MVM’s core values. Along with our uncompromising insistence on integrity and ethical business practices, these values make us the service provider of choice for our customers and the employer of choice for our dedicated team members.
Working at MVM, Inc. takes a certain kind of person; we want someone who identifies with our values and is willing to challenge themselves both personally and professionally. We seek employees who are passionate about serving and making a difference in the lives of others.
We are looking to add an Information Systems Security Officer (ISSO). If you can envision joining a team where you will have the opportunity to provide mission-driven results, then we are looking for you!
Here’s what you need to be successful in this role:
- Strategic Agility - Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective
- Excellent Functional and Technical Skills - Have the knowledge and skills to do the job at a high level of accomplishment.
- Committed - Have the passion and perseverance for what you want to accomplish
- Willing to support critical duties - Support responsibilities that must continue to be performed during crisis situations and contingency operations
What You Will Get to Do!
The ISSO, assigned to the Corporate IT Department, will research, develop, implement, test, and review corporate information security measures and policies to protect sensitive information and prevent unauthorized access. The ISSO will carry out all activities and tasks required to achieve and maintain any client- or contract-mandated security certification or accreditation for the company’s IT infrastructure and systems. The ISSO will also coordinate and cooperate with the HR department on companywide security awareness training, informing users about security measures and explaining potential threats and risk and threat mitigation methods.
Key functions you will perform!
- Develop IT security standards, policies, and best practices for the organization.
- Achieve and maintain compliance with NIST SP 800-171 (or 800-53) and CMMC Level 3 or higher through security solutions deployment, security controls implementation, security policy enforcement, and documentation.
- Establish, deploy, and maintain an Incident Response Plan (IRP), Risk Management Plan (RMP), and Disaster Recovery Plan (DRP) in accordance with all required compliances.
- Research, evaluate, deploy, and maintain companywide security solutions, including but not limited to access control, endpoint protection, PKI, VPN tunneling, remote access VPN, firewall rules, data encryption, and multi-factor authentication.
- Periodically conduct and analyze simulated attacks, phishing tests, and security audits to identify and address vulnerabilities.
- Recommend security enhancements to upper management.
- Other duties as assigned
What you will need to have:
- Bachelor's degree or equivalent technical training in Computer Science or related field, and a minimum of four (4) years of related work experience.
- Must meet DoD 8570 IAT Level-1 or higher. (ISC)² Certified Information Systems Security Professional (CISSP) preferred.
- Two (2) to six (6) years of cyber security and information assurance experience, to include IT security policy development/deployment and the Certification and Accreditation (C&A) process for federal government systems.
- Familiarity with the NIST publications and incident management/response.
- Ability to configure systems according to DISA Security Technical Implementation Guides (STIGs)
- Experience documenting and answering security controls questionnaires for the C&A process.
- Knowledge of current security tools, hardware/software security implementation, communication protocols, or encryption techniques/tools.
- Experience using vulnerability scanners, assessment tools, and SCAP tools. Experience with Tenable Nessus and Security Center preferred.
- Experience using and administering endpoint protection solutions such as CrowdStrike and Carbon Black.
- Patch management and vulnerability mitigation.
- Security policy enforcement via Active Directory Group Policy Objects.
- Intrusion detection (detect/prevent/respond to denial of service or intrusion attacks).
- Pass company background check.
- Ability to obtain and maintain government security clearance.
- Valid driver’s license.
- Strong written and verbal communication skills.
- Strong customer service and problem-solving skills.
- Occasional travel may be required.
- Paid training, fun, talented and driven teammates
- Knowledgeable, encouraging and present leadership
- A diverse and community-minded organization
- Career growth and learning opportunities for aspiring minds
- A competitive benefits package and a highly skilled, energized and empowered workforce.