Manager at PwC contributing to digital transformation in Utilities through technology consulting and stakeholder management. Focused on creating strategies and providing technology solutions in a data - driven world.
VI
Hybrid Cloud Cybersecurity Manager – Military Community and Family Policy
Posted 4 months ago
About the role
- Cloud Cybersecurity Manager for Vistra Communications, providing cybersecurity oversight for DoD cloud environments. Key responsibilities include leading risk management and compliance initiatives across EC2 and GovCloud.
Responsibilities
- Provide comprehensive cyber and cloud security leadership ensuring all cloud environments are designed, maintained, and operated securely and efficiently.
- Develop and implement the overall cybersecurity strategy aligned with DoD, DISA, NIST (SP 800-53), FISMA, and MC&FP requirements.
- Lead cloud risk management and IT security compliance initiatives, including application of the Risk Management Framework (RMF) across all MC&FP systems.
- Oversee daily monitoring, threat detection, and incident handling for cloud-based resources, including AWS GovCloud environments.
- Implement advanced security architectures for predictive threat detection and proactive incident response.
- Maintain and regularly test contingency plans, disaster recovery (DR), and continuity of operations (COOP) procedures for cloud infrastructure.
- Provide direct support for vulnerability management, penetration testing, and mitigation of security risks.
- Ensure continued Authorization to Operate (ATO) status for cloud systems at relevant impact levels.
- Conduct bi-annual audits of IT and cybersecurity SOPs, documenting and remediating compliance gaps.
- Oversee routine and ad-hoc reporting of compliance status, incidents, and risk metrics through dashboards and official reports.
- Coordinate with Tier 2 CSSPs and government cyber teams to ensure seamless lifecycle management and reporting for incidents and vulnerabilities.
- Adhere to and enforce compliance with all applicable STIGs, SRGs, IAVAs, and other cybersecurity requirements.
- Catalog and inventory all cloud configuration items (CIs), and maintain an up-to-date configuration management (CM) database with strong data integrity and availability measures.
- Oversee review and implementation of secure configurations and baseline management for all cloud resources.
- Serve as Secretariat for the Configuration Control Board (CCB), maintaining records, policies, procedures, and facilitating CCB meetings.
- Manage the change control process for all information systems, networks, and security modifications.
- Lead or support scenario planning exercises, threat simulation labs, and cross-agency security drills.
- Identify and recommend the implementation of emerging security technologies, automation, and best practices to advance security posture.
- Develop and implement automated incident response workflows and playbooks.
- Serve as principal cloud security advisor to leadership, project managers, developers, and IT engineering teams.
- Collaborate with government stakeholders, technical teams, and external partners to ensure secure design, deployment, and operation of cloud systems.
- Provide cloud cybersecurity guidance and training to staff and ensure all stakeholders are informed of their security responsibilities.
- Ensure that account provisioning, privilege management, and access controls for cloud systems are implemented and regularly reviewed.
- Maintain compliance with the DoD Cyber Workforce Framework (DCWF), ensuring staff certifications and training are up to date.
Requirements
- A minimum of eight years of experience in managing cybersecurity projects of similar size and complexity to this requirement within a cloud environment.
- A minimum of eight years of experience with the NIST RMF, NIST SP 800-53, STIGs, Security Content Automation Protocol (SCAP), Information Assurance Vulnerability Alerts (IAVAs), and Federal Information Security Management Act (FISMA).
- Possess one of the following certifications: CISM, Certified Information Systems Security Officer (CISSO), Federal IT Security Professional-Manager (FITSP-M), GIAC Certified Intrusion Analyst Certification (GCIA), GIAC Cloud Security Automation (GCSA), GIAC Certified Incident Handler (GCIH), GIAC Security Leadership Certification (GSLC), Global Industrial Cyber Security Professional Certification (GICSP), CISSP-ISSMP, or CISSP
- Possess a minimum of a favorably adjudicated Tier 5 investigation.
- Prefer bachelor’s degree in computer science, IT, information systems, or a related field.
- Prefers a minimum of eight years of experience analyzing, assessing, and implementing corrective actions based on vulnerability management and penetration testing.
- Prefers minimum of eight years of experience supporting DoD defensive cyber operational activities, including, but not limited to, information system protection, defense, response (incident handling), reporting, and recovery.
Benefits
- Medical, dental, and vision benefits
- Life and disability insurance
- Employer matching 401(k) retirement plan
- Paid Time Off
- Parental and Bereavement Leave
- Professional Development
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Research Associate conducting advanced research in iOS security within a leading institute for applied cybersecurity. Emphasis on secure application development and vulnerability analysis.
Cybersecurity Engineer focused on threat monitoring and incident response for Verizon's network security. Collaborating on security architecture and vulnerability management across multiple locations.
Senior Manager of Application Security leading initiatives to protect applications at Nordstrom through strategic leadership and AI - driven tooling. Collaborating with engineering to ensure secure software development practices.
Information Security Engineer responsible for deploying and supporting security tools across cloud and on - premise systems. Collaborating with IT to mitigate security risks in a hybrid work environment.
Casual Retail Security Officer for MSS Security ensuring safety at Tweed Mall in Tweed Heads. Responsible for patrols, incident response, and customer service.
Financial security advisor at Desjardins developing client relationships and selling life and health insurance products. Focusing on customer satisfaction and personalized financial solutions.
Principal Information Security Consultant at Westpac focusing on security protocols and employee benefits for staff. Hybrid role centrally located with opportunities for professional development and employee perks.
Engineer supporting secure development lifecycle processes for product lines in the energy sector. Collaborating with R&D on security requirements and compliance audits.
Automation Oversight Engineer providing oversight of compliance in automated device configurations for Comcast Business. Managing configuration checks and reporting, ensuring reliable oversight and improvement strategies.