ASRC Federal is seeking a Vice President, Chief Information Security Officer to join our internal IT organization located at our headquarters in Reston, VA.

The Chief Information Security Officer leads the Information Security function and is responsible for planning, implementing, and maintaining the information security program for ASRC Federal; works closely with the ASRC Federal senior leaders regarding information security threats and collaborates with other CISOs across the DIB on cyber security risk matters, helping the company manage its information security risk. This includes the protection of mission-critical applications and systems that support our internal business operations and delivery of our client missions.

The successful candidate will be a hands-on visionary and experienced Information Security executive who has extensive experience in the data security and risk management; has an excellent grasp of the cyber threat environment; senior leadership experience, and a track record of assisting organizations make balanced and informed risk decisions.

ASRC Federal Holding Company has multiple subsidiaries that strive to provide cost-effective, quality solutions to government agencies. Our subsidiaries are determined to deliver on every commitment to every customer. ASRC Federal subsidiaries provide a wide array of services to a broad base of federal government agencies. We provide the common thread among our subsidiaries to ensure each customer and industry partner gets the benefits of our shared services model. ASRC Federal and our subsidiaries offer a respectful work environment where ideas can be shared, and an entrepreneurial spirit can be nurtured. We focus on our employees, so our employees can focus on our customers.

Key Role: The Chief Information Security Officer provides strategic and tactical leadership to advance ASRC Federal’s Information Security priorities and objectives by ensuring alignment with and achievement of business drivers and strategies and within our corporate risk profile.

• Serves as the face of Information Security, sets the tone, spurs enthusiasm, and ensures the enterprise’s readiness to execute and to sustain the Information Security strategy and program over the long term.

• Works with CIO, business stakeholders, and the Information Technology Group leadership to define and refine objectives and key results for the Information Security program, managing interdependencies and driving cross functional collaboration.

• Leads the regular process of refreshing Information Security objectives and key results, working with the CIO, the business, and initiative sponsors.

• Engage with business partners, customers, and other external stakeholders (including regulatory and law enforcement agencies), inspiring confidence in the company’s overall security posture and brand, through industry and customer presentations.

• Work with business stakeholders to ensure high value assets are identified, tracked, and prioritized in the application of cybersecurity programs and activities.

• Advance metrics-guided scorecards and dashboards to keep executive stakeholders apprised of business cybersecurity health.

• Provides strategic cross-functional leadership by integrating shared vision and strategies and highlighting and resolving interdependencies.

• Develop and maintain key relationships including peer Information Technology group leaders and key staff; Compliance, and Legal leaders; as well as with the operating group leadership.

• Develop and lead a highly capable Information Security function and team that provides timely visibility and accountability into progress.

• Establish effective management routines to integrate workstreams, keep work on track, and to identify issues early enough to course correct, if needed.

• Provide leadership on change management and communication plans, in coordination with our Corporate Communications team, to successfully move the enterprise to desired state.

• Develop and maintain contract / program cybersecurity monitoring capability that ensures secure delivery of services to our customers.

• Develop and maintain Supply Chain Risk Management (SCRM) capabilities in alignment with federal guidelines.

• Work with non-CIO technical leadership to ensure that services and capabilities developed in these organizations meet corporate and federal government security requirements.

• Guide the development of the ASRC Federal Zero Trust strategy.

• Keep the Operational Leadership Team (OLT) (e.g., CFO, CIO, Chief Legal Officer, etc.) informed of progress and issues.

Requirements :

Basic Qualifications:

• 15+ years progressively responsible information technology management expertise.

• 8+ years of experience in IT security architecture components; including network design, application delivery, remote access, security devices, data protection technologies, mobile device management etc.

• Deep understanding of laws and compliance standards governing cyber security in Civil Government and Defense space (e.g., FISMA, CMMC, ISO27001, ITAR, etc.).

• Experience driving the advancement of security architecture and technologies to improve efficacy, reduce risk and enable business operations.

• Ability to drive and operationalize security controls across a complex and distributed environment.

• Comfortable providing highly technical guidance and recommendations to architecture, engineering, and operations teams.

• Track record of successful leadership to drive results and proactively manage change in a complex and dynamic organizational, technological, and operating environment.

• Strong collaboration skills, a focus on positive intent and ability to develop strong relationships and partner effectively with others in the pursuit of common goals.

• Emotional intelligence, with the ability to build trust in a variety of relationships through candor, reliability, and authenticity as well as the capacity to embrace and draw from diversity and inclusion to improve the quality of outcomes.

• Executive presence, judgment, and pitch in communicating and supporting effective discussion and decision making.

• Well-honed strategic development skills including the ability to thinking analytically, frame options and outcomes and influence groups to decision.

• High performing individual with strong standing, credibility across organization and a natural internal network with experience implementing strategies to create and lead a high performing team.

• Proven information security; strong business and technical judgment

• Respected by the employees and peers, good mentor for subordinates.

• Excellent problem-solving skills and ability to help others organize problem solving.

• Strong networking and influencing skills.

• Exceptional communication skills and the ability to translate complex technical concepts into a clear business strategy.

• A natural change agent with a combination of vision and execution skills; comfortable operating in a fast-changing environment.

• High levels of personal confidence, credibility, professionalism and integrity to engage and influence at all levels.

• Proactive and innovative, high-energy, possessing drive and pragmatism and able to create business value as well as providing protection.

• Bachelor’s degree or advanced degree in IT/Computer Science/Engineering

• Must be a US Citizen with ability to pass a government background investigation.

Additional Qualifications:

• CISSP, CISM, GIAC or similar certification desired.

• Experience with mergers & acquisitions, managing security programs across subsidiaries.

• Understanding of application and database security issues and available mitigation strategies.

• Knowledge of penetration testing techniques, vulnerability scanning, and risk analysis.

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.