Director of Security, Chameleon Consulting Group, Herndon, VA
Chameleon Consulting Group -
Herndon, VA,
US
Director of Security
Date Posted: 2024-06-15
Job description
CCG is a technology company focused on equipping customers with the capabilities and support to conduct intelligent and successful cyber operations. We do this by finding the most talented engineers and operators in the country, give them some of the most challenging problems facing the US government, and help them unleash their creativity and problem-solving skills. Excellence is our standard and mission success is our metric.
The CCG Director of Security reports directly to the Chief Operating Officer and is responsible for the operations of three Special Access Program (SAP) and Sensitive Compartmented Information (SCI) facilities, management of a five person security team and contracted guard force, and implementation of operative security controls intended for the protection of unclassified and classified national security information (NSI) developed by or entrusted to CCG as a member of the National Industrial Security Program (NISP). The Director applies resources to mitigate risk across operational domains through a continuum of security administration standards, control strategies, and oversight levels that align with corporate needs and expectations.
Role:
The Director will be responsible for developing, implementing, supervising, and maintaining an enterprise security program for multiple Department of Defense (DoD) and/or Intelligence Community (IC) elements and programs. The security program will protect information and operations commensurate with the level of classification of the program, e.g., collateral, SCI, SAP, or multi-level. The Director will oversee physical and technical security (e.g., TEMPEST and TSCM) actions and procedures, and will properly account for, control, transmit, safeguard, and destroy classified information in accordance with applicable regulations including the DD254. Additionally, the Director will generate a security education training and awareness program for the technical staff operating in secure spaces within their cognizance, and will distribute periodic notifications to indoctrinated staff, emphasizing unauthorized disclosure awareness, classification management, personal reporting requirements, and day-to-day security program execution.
The Director will be responsible for 3 secure areas and will prepare and maintain accreditation documentation for each, including the diagrams, UL 2050 certifications, fixed facility checklists, compartmented area checklists, TEMPEST checklists, and mitigation plans. The Director will use ICD/ICS 705 and the technical specifications to design new secure spaces or develop modifications and construction security plans for secure areas based on their accreditation status and Sponsor requirements. The Director will perform aspects of personnel security to include nomination interviews, validation of access requirements, submission of investigative requests and nomination packages, and indoctrinations including the execution of legally binding Non Disclosure Agreements (NDAs), e.g., SF 312, SF 4414, PIA. The Director will access an official Government system of record (SOR), e.g., DISS, JADE, Scattered Castles, and ensure approximately 200 personnel security records within their cognizance are accurately maintained in accordance with applicable regulation. The Director is expected to provide support to technical staff planning meetings by helping with coordination and visitor management, e.g., sending and receiving clearances through visitor approval requests (VARs). The Director will properly account for, control, transmit, package, and safeguard COMSEC information, and administer periodic software and cryptographical key updates. The Director will assist the Information System Security Manager (ISSM) or Information System Security Officer (ISSO) with maintaining appropriate accreditation documentation for each information system (IS) within the secure area under their cognizance and address any shortcomings. The candidate must be professional, capable of independent engagement, and possess the ability to collaborate with peers and personnel outside of your team to ensure adherence to regulations and guidelines, to include prime and subcontractors, DCSA Industrial Security Representatives, vendors, and USG customers. Additionally, the candidate must be adept at independent decision-making, possess a high degree of individual initiative and organizational skills, and function with minimal supervision.
The team member will participate, plan, and attend team events for morale and welfare.
Minimum Qualifications:
Preferred Qualifications:
This requisition requires the candidate to have a minimum of the following clearance(s): Top Secret/SCI
Work Location Type: Hybrid remote with one or two days per week reasonably expected to be on site in Herndon and Arlington, Virginia
Responsibilities
Security Management
Physical Security
Security Education & Training
Cyber Security/Risk Management Framework (RMF)
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
The CCG Director of Security reports directly to the Chief Operating Officer and is responsible for the operations of three Special Access Program (SAP) and Sensitive Compartmented Information (SCI) facilities, management of a five person security team and contracted guard force, and implementation of operative security controls intended for the protection of unclassified and classified national security information (NSI) developed by or entrusted to CCG as a member of the National Industrial Security Program (NISP). The Director applies resources to mitigate risk across operational domains through a continuum of security administration standards, control strategies, and oversight levels that align with corporate needs and expectations.
Role:
The Director will be responsible for developing, implementing, supervising, and maintaining an enterprise security program for multiple Department of Defense (DoD) and/or Intelligence Community (IC) elements and programs. The security program will protect information and operations commensurate with the level of classification of the program, e.g., collateral, SCI, SAP, or multi-level. The Director will oversee physical and technical security (e.g., TEMPEST and TSCM) actions and procedures, and will properly account for, control, transmit, safeguard, and destroy classified information in accordance with applicable regulations including the DD254. Additionally, the Director will generate a security education training and awareness program for the technical staff operating in secure spaces within their cognizance, and will distribute periodic notifications to indoctrinated staff, emphasizing unauthorized disclosure awareness, classification management, personal reporting requirements, and day-to-day security program execution.
The Director will be responsible for 3 secure areas and will prepare and maintain accreditation documentation for each, including the diagrams, UL 2050 certifications, fixed facility checklists, compartmented area checklists, TEMPEST checklists, and mitigation plans. The Director will use ICD/ICS 705 and the technical specifications to design new secure spaces or develop modifications and construction security plans for secure areas based on their accreditation status and Sponsor requirements. The Director will perform aspects of personnel security to include nomination interviews, validation of access requirements, submission of investigative requests and nomination packages, and indoctrinations including the execution of legally binding Non Disclosure Agreements (NDAs), e.g., SF 312, SF 4414, PIA. The Director will access an official Government system of record (SOR), e.g., DISS, JADE, Scattered Castles, and ensure approximately 200 personnel security records within their cognizance are accurately maintained in accordance with applicable regulation. The Director is expected to provide support to technical staff planning meetings by helping with coordination and visitor management, e.g., sending and receiving clearances through visitor approval requests (VARs). The Director will properly account for, control, transmit, package, and safeguard COMSEC information, and administer periodic software and cryptographical key updates. The Director will assist the Information System Security Manager (ISSM) or Information System Security Officer (ISSO) with maintaining appropriate accreditation documentation for each information system (IS) within the secure area under their cognizance and address any shortcomings. The candidate must be professional, capable of independent engagement, and possess the ability to collaborate with peers and personnel outside of your team to ensure adherence to regulations and guidelines, to include prime and subcontractors, DCSA Industrial Security Representatives, vendors, and USG customers. Additionally, the candidate must be adept at independent decision-making, possess a high degree of individual initiative and organizational skills, and function with minimal supervision.
The team member will participate, plan, and attend team events for morale and welfare.
Minimum Qualifications:
- Minimum of 5 years of related experience leading small teams of security professionals with a bachelor's degree or ten years equivalent combination of related education and work experience.
- Must have at least 2+ years of experience in each of the following areas: Industrial or Government Security positions involving Personnel Security, Information Security, Physical Security, Technical Security, SAP, SCI, Facility Security Officer, and hands-on supervisory security leadership.
- Must have demonstrable experience implementing related areas of: IC Standards or Directives; DoD Directives, Instructions, Manuals, or Standards, i.e., DoDM 5105.21 and DoDM 5205.07; 32 Code of Federal Regulations Part 117, National Industrial Security Program Operating Manual (NISPOM).
- Top Secret clearance with current SCI eligibility.
- Must have excellent verbal and written communication skills, including technical writing ability.
Preferred Qualifications:
- 5+ years of experience in each of the technical areas above.
- Additional experience as COMSEC account manager or COMSEC policy implementation officer.
- Experience as a counterintelligence special agent or related work experience performing risk management and Operational security (OPSEC).
- Experience with ISI Security Control, Aurora Web, DISS, JADE, NBIS, Scattered Castles, and DIAS
- Information Systems Security working knowledge sufficient to collaborate with the Director of Cybersecurity
- Security Fundamentals Professional Certification (SFPC) or equivalent
This requisition requires the candidate to have a minimum of the following clearance(s): Top Secret/SCI
Work Location Type: Hybrid remote with one or two days per week reasonably expected to be on site in Herndon and Arlington, Virginia
Responsibilities
Security Management
- Provide direction, purpose, oversight, and mentorship to the CCG security staff
- Perform program security administrative tasks and duties i.e. filing, updating logs/lists, supplies, coordination with internal and external customers
- Maintain personnel security records for SAP and SCI related programs to include the use of ISI Security Control, DISS, NBIS, and JADE..
- Perform initial access eligibility determinations and create PARs and SCI nominations.
- Process incoming and outgoing classified visit certifications
- Conduct internal self-inspections and assist with Staff Assistance Visits and Customer Security Assessments
- Maintain classified material accountability records to include inventory lists, receipt and transmittal records and final disposition documentation
- Working knowledge in the preparation and maintenance of prime and subcontract DD254s
- Ensure all classified materials are marked and controlled in accordance with contractual requirements
- Review operational requirements and system specification documents to ensure applicable security requirements are addressed and incorporated into security processes
- Interpret and implement security classification guidance
- Assist in the development of Program Protection Plans (PPPs)
- Investigate and document security violations/incidents, providing recommendations for corrective actions to program personnel/management
- Develop and maintain the program's Standard Operating Procedure (SOP)
- Attend, support and participate in program meetings, staff meetings, telecons, etc
- Respond to walk-in customers and perform ad hoc security services as required.
Physical Security
- Maintain the program's access control system
- Develop/maintain program Fixed Facility Checklists to establish/update classified work areas, including maintaining necessary waiver/approval records.
- Identify and correct deficiencies to maintain an acceptable level of risk mitigation
Security Education & Training
- Develop/conduct formal initial and recurring security education and training materials/events.
Cyber Security/Risk Management Framework (RMF)
- Provide necessary support to the Information Assurance team in the implementation and maintenance of classified information systems accredited under the Risk Management Framework (RMF).
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.