Job Information:
BDO is seeking an IT Security Manager who will oversee all aspects of IT security across the Public Sector organization, ensuring compliance with regulatory standards, managing risk, and safeguarding information assets. This role requires an in-depth understanding of industry security frameworks and government compliance requirements, including CMMC, FedRAMP, NIST standards, and STIGs. The successful candidate will lead strategic security initiatives, work collaboratively with IT & business teams, and develop & implement policies to protect our assets.
Job Duties:
- Develops, implements, and manages BDO Public Sector’s IT security strategy to ensure comprehensive protection across all assets
- Ensures compliance with industry security standards and government regulatory requirements
- Oversees and assesses the implementation of security measures across systems, applications, and networks, particularly in relation to Microsoft Government Community Cloud High (GCC High) and Microsoft Azure Government
- Conducts regular risk assessments and audits, identifying vulnerabilities and implementing corrective actions, leveraging tools like Microsoft Azure Sentinel and Tenable Nessus
- Manages the security incident response process, including investigation, mitigation, and reporting
- Collaborates with internal teams and stakeholders to ensure security best practices are integrated into IT and business processes
- Develops and delivers training and awareness programs for IT staff and end-users on security protocols
- Stays up to date with evolving security threats and compliance requirements to guide proactive security improvements
- Conducts social engineering testing
- Completes annual 40 hours of continuous learning (may include professional memberships, forums, lunch and learns, roundtables, online training courses, and maintaining certifications)
- Prepares and delivers security reports as required
- Other duties as assigned

Supervisory Responsibilities:
- Oversees and manages security activities, including other security personnel

Qualifications, Knowledge, Skills, and Abilities:

Education:
- High School Diploma or GED, required
- Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering, preferred

Experience:
- Five (5) or more years’ experience with cybersecurity, information technology, software engineering, information systems, or computer engineering, required
- Experience supporting a federal government contracting organization, preferred
- Experience with a professional services firm, preferred

License(s)/Certification(s):
- Certification such as CompTIA Advanced Security Practitioner (CASP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Security Leadership (GSLC), Certified Information Systems Auditor (CISA), or Microsoft Cybersecurity Architect (SC-100), required
- Other certifications addressing security, risk management, security engineering, network security, identity & access management, security assessment & testing, or security operations, preferred

Software:
- Proficiency in Microsoft Office Suite (Excel, PowerPoint, and Word), required; advanced proficiency, preferred

Other Knowledge, Skills & Abilities:
- Ability to interact effectively with people at all organizational levels within the client organization and in the firm
- Excellent verbal and written communication skills
- Ability to work independently and collaborate within a team environment and with a customer service focus
- Ability to follow instructions as directed
- Superior organizational skills with the ability to multi-task in a fast-paced, deadline-driven environment
- Ability to advise stakeholders on enterprise cybersecurity risk management
- Ability to advise senior management on risk levels and security posture
- Ability to create system cybersecurity reports
- Ability to collect and maintain system cybersecurity report data
- Ability to communicate the value of cybersecurity to organizational stakeholders
- Ability to establish the enterprise continuity of operations program
- Ability to apply STIG/SCAP to enterprise systems
- Ability to determine if vulnerability remediation plans are in place
- Ability to develop vulnerability remediation plans
- Ability to support cybersecurity compliance activities
- Ability to determine if acquisitions, procurement, & outsourcing efforts address cybersecurity requirements
- Ability to conduct cybersecurity risk assessments
- Ability to integrate black-box security testing tools into quality assurance processes
- Knowledge of FAR and DFARS clauses
- Knowledge of encryption algorithms
- Knowledge of cybersecurity laws and regulations
- Knowledge of cybersecurity policies and procedures
- Knowledge of cybersecurity principles and practices
- Knowledge of cybersecurity threats
- Knowledge of cybersecurity vulnerabilities
- Knowledge of cybersecurity threat characteristics
- Knowledge of access control principles and practices
- Knowledge of authentication and authorization tools and techniques
- Knowledge of business operations standards and best practices
- Knowledge of enterprise cybersecurity architecture principles and practices
- Knowledge of risk management principles and practices
- Knowledge of vulnerability data sources
- Knowledge of incident response principles and practices
- Knowledge of incident response tools and techniques
- Knowledge of incident handling tools and techniques
- Knowledge of information technology (IT) security principles and practices
- Knowledge of system threats
- Knowledge of system vulnerabilities
- Knowledge of new and emerging cybersecurity risks
- Knowledge of network attack vectors
- Knowledge of hardening tools and techniques
- Knowledge of encryption tools and techniques
- Knowledge of penetration testing principles and practices
- Knowledge of penetration testing tools and techniques
- Skills in evaluating security products
- Skills in creating system security policies