Senior Information Security Specialist – IT Operations
-
Apply Now Application ends in 25d 21h 30min
Job Detail
-
Offered Salary 0
Job Description
Senior Information Security Specialist
Onsite or hybrid position with the option to work out of Kansas City, MO or Gaithersburg, MD location.
Basic Function/Nature and Scope
This position supports MRIGlobal’s information security program in coordination with corporate policies and strategic direction. This senior-level position assists with all phases of the cybersecurity program that involves access to computers and electronic data, enabling the Institute to maintain compliance with regulatory and client-specific requirements. This individual also serves as a member of the MRIGlobal Cyber Incident Response Team (CIRT).
The Senior Information Security Specialist is focused on preventing IT-based crime, hacking, intentional or inadvertent modification, disclosure, or destruction of an organization’s information systems and IT assets and intellectual property.
This position reports to the Director of Cybersecurity and provides subject matter expertise, policy guidance, and technical input in designing and implementing MRIGlobal’s information security program. The individual works both independently and collaboratively on assigned complex security-related programs and provides leadership and mentoring to members of the Information Security Team. All work is performed in support of MRIGlobal’s strategic plan and cybersecurity’s strategic direction.
Essential Functions
| 1 | Security Strategy and Planning: Develop, implement, and maintain comprehensive information security policies, procedures, and guidelines. Conduct regular risk assessments and vulnerability analyses to identify potential security threats. Develop and recommend security enhancements to management. Oversees day-to-day regulatory compliance of the Institute’s information systems including management and oversight of complex security-related projects. Writes and maintains System Security Plans (SSPs) and Plans of Action & Milestones (POA&Ms) to ensure compliance with regulatory guidelines (both Government and commercial requirements). |
| 2 | Incident Response and Planning: Lead incident response efforts, including identification, containment, eradication, and recovery of security incidents. Conduct post-incident analysis to identify root causes and recommend improvements to prevent future incidents. Maintain and update incident response plans and playbooks. Safeguard networks against unauthorized modification, destruction, or disclosure. Researches, evaluates, designs, tests, recommends, communicates, and implements new security software or devices. Reviews threats and vulnerabilities to assess risks to determine effective measures to minimize risks through software delivery and management. |
| 3 | Cyber Incident Response Team: Serves as a member of the MRIGlobal Cyber Incident Response Team (CIRT). Supports the selection, implementation, and maintenance of cybersecurity tools to provide MRIGlobal’s Cyber Incident Response Team with information necessary to determine root cause and remediation tactics for a cyber incident. |
| 4 | Security Monitoring & Analysis: Monitor security systems and networks for signs of potential threats or breaches. Analyze security alerts and data to identify and respond to security incidents. Implement and manage security information and event management (SIEM) systems. Maintains MRIGlobal’s security policies including support for the security posture of all cloud hosted systems. Partners and coordinates with the IT department to provide security direction and networking/network security support as needed. Supports MRIGlobal’s classified programs through the maintenance and accreditation of operational classified information systems for Federal Government clients in accordance with NISPOM standards and in coordination with the Security Department. |
| 5 | Access Control and Identity Management: Implement and manage identity and access management (IAM) systems to ensure secure access to information systems. Conduct regular reviews and audits of user access rights and privileges. Ensure compliance with the principle of least privilege and segregation of duties. |
| 6 | Compliance and Regulatory Requirements: Ensure compliance with relevant security standards and regulations (e.g., RMF, NIST 800-53r5, NIST 800-171, 32 CFR Part 117 NISPOM Rule). Conduct regular audits and assessments to ensure adherence to security policies and regulatory requirements and provide recommendations for designing and implementing security controls. Prepare and present reports on compliance status and security metrics to management. Supports MRIGlobal’s Technical Divisions by planning, designing, and implementing secure systems to meet contractual and regulatory requirements, and provides information security consulting services to staff to ensure compliance with regulatory and client-specific requirements. |
| 7 | Security Awareness and Training: Develop and deliver security awareness training programs for employees. Promote a culture of security awareness and best practices across the organization. Stay up to date with the latest security trends, threats, and technologies. |
| 8 | Project Management: Lead and manage security projects, including the implementation of new security tools and technologies. Collaborate with IT and other departments to ensure security is integrated into all projects and initiatives. Provide guidance and mentorship to junior security staff and other IT personnel. |
Minimum Qualifications
- Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or other related discipline with a minimum of 7 years relevant experience; or
- High school diploma or equivalent with a minimum of 10 years relevant experience.
- Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. U.S. citizenship is required to meet the government security investigation requirements.
Preferred Qualifications
- Professional certifications such as CISSP or Security+ are preferred. Experience and certifications may be substituted for a degree
Salary Range: $103,100 – $128, 700
The salary range is intended as a general guideline and is not a guaranteed offer, as compensation depends on various factors such as scope and responsibilities of the position, candidate qualifications, experience, internal equity, and market conditions. MRIGlobal also provides a comprehensive benefits package, including health and life insurance, disability coverage, gym reimbursement, mental health support, paid holidays, and PTO.
WHAT WE OFFER
At MRIGlobal, we offer benefits and perks that make your life even better.
Your Well-Being: You can receive comprehensive coverage for you and your family, and resources that support mental, physical, social, and financial well-being. Get access to wellness benefits like virtual coaching, no-cost counseling, onsite health screenings, gym reimbursement, and more. MRIGlobal has received multiple wellness recognitions, including being named “Healthiest Employer” by Kansas City’s Business Journal in 2024.
A Bright Future: MRIGlobal offers award-winning employer retirement matches and no-cost financial education benefits. Get paid Parental Leave. Enjoy PTO, and a flexible culture that encourages work-life integration.
Personal Development: At MRIGlobal, you will enjoy diverse work that will grow your skillset, along with a tuition reimbursement option to pay for higher education.
A Genuine Community: MRIGlobal is a special workplace. From our Chili Cook-offs, Pi Day, and charitable giving opportunities, our traditions strengthen our team spirit. Join our seasonal staff events, DEI celebrations, and volunteer in initiatives that nurture future STEM generations.
To view all of MRIGlobal’s current openings and to ensure that we receive your resume, visit our Career page.
EOE, including disability/vets. As an organization dedicated to scientific advancement, MRIGlobal invites and embraces diversity in our people. We value their unique backgrounds and perspectives in every aspect of our mission. We are committed to creating a safe, welcoming, and inclusive environment where everyone feels respected and represented, fostering a culture where all input is welcome. We adapt to change, challenge the status quo, and evolve through belonging, allyship, and mutual support.
Certain roles, depending on the nature of the job or work assignment require adherence to specific safety measures, including up-to-date vaccinations. This requirement aligns with both our operational needs and the expectations of our clients. Employees must furnish proof of such vaccinations before commencing their duties. Should an individual be unable to meet this vaccination criterion due to a legitimate medical condition, disability, pregnancy, or religious belief, we offer the option to apply for a reasonable accommodation in line with applicable laws. Inquiries or requests for accommodations should be directed to accessibility@mriglobal.org, ensuring a prompt and considerate resolution process. It’s important to note that failure to comply with a vaccination-required role or to secure an approved accommodation may affect one’s employment status with our organization.