Vistra · 1 month ago
Cloud Cybersecurity Manager (CCM) - Military Community and Family Policy
Vistra is a Service-Disabled Veteran-Owned Small Business providing professional support services to Defense, Federal, and Civilian Agencies. The Cloud Cybersecurity Manager (CCM) will oversee cybersecurity initiatives for cloud environments, ensuring security compliance and operational support for the Military Community and Family Policy contract, while leading a range of security strategies and incident response efforts.
Public Relations
Responsibilities
Provide comprehensive cyber and cloud security leadership, ensuring all cloud environments are designed, maintained, and operated securely and efficiently
Develop and implement the overall cybersecurity strategy aligned with DoD, DISA, NIST (SP 800-53), FISMA, and MC&FP requirements
Lead cloud risk management and IT security compliance initiatives, including application of the Risk Management Framework (RMF) across all MC&FP systems
Oversee daily monitoring, threat detection, and incident handling for cloud-based resources, including AWS GovCloud environments
Implement advanced security architectures for predictive threat detection and proactive incident response
Maintain and regularly test contingency plans, disaster recovery (DR), and continuity of operations (COOP) procedures for cloud infrastructure
Provide direct support for vulnerability management, penetration testing, and mitigation of security risks
Ensure continued Authorization to Operate (ATO) status for cloud systems at relevant impact levels
Conduct bi-annual audits of IT and cybersecurity SOPs, documenting and remediating compliance gaps
Oversee routine and ad-hoc reporting of compliance status, incidents, and risk metrics through dashboards and official reports
Coordinate with Tier 2 CSSPs and government cyber teams to ensure seamless lifecycle management and reporting for incidents and vulnerabilities
Adhere to and enforce compliance with all applicable STIGs, SRGs, IAVAs, and other cybersecurity requirements
Catalog and inventory all cloud configuration items (CIs), and maintain an up-to-date configuration management (CM) database with strong data integrity and availability measures
Oversee review and implementation of secure configurations and baseline management for all cloud resources
Serve as Secretariat for the Configuration Control Board (CCB), maintaining records, policies, procedures, and facilitating CCB meetings
Manage the change control process for all information systems, networks, and security modifications
Lead or support scenario planning exercises, threat simulation labs, and cross-agency security drills
Identify and recommend the implementation of emerging security technologies, automation, and best practices to advance security posture
Develop and implement automated incident response workflows and playbooks
Serve as principal cloud security advisor to leadership, project managers, developers, and IT engineering teams
Collaborate with government stakeholders, technical teams, and external partners to ensure secure design, deployment, and operation of cloud systems
Provide cloud cybersecurity guidance and training to staff and ensure all stakeholders are informed of their security responsibilities
Ensure that account provisioning, privilege management, and access controls for cloud systems are implemented and regularly reviewed
Maintain compliance with the DoD Cyber Workforce Framework (DCWF), ensuring staff certifications and training are up to date
Qualifications
Required
A minimum of eight years of experience in managing cybersecurity projects of similar size and complexity to this requirement within a cloud environment
A minimum of eight years of experience with the NIST RMF, NIST SP 800-53, STIGs, Security Content Automation Protocol (SCAP), Information Assurance Vulnerability Alerts (IAVAs), and Federal Information Security Management Act (FISMA)
Possess one of the following certifications: CISM, Certified Information Systems Security Officer (CISSO), Federal IT Security Professional-Manager (FITSP-M), GIAC Certified Intrusion Analyst Certification (GCIA), GIAC Cloud Security Automation (GCSA), GIAC Certified Incident Handler (GCIH), GIAC Security Leadership Certification (GSLC), Global Industrial Cyber Security Professional Certification (GICSP), CISSP-ISSMP, or CISSP
Possess a minimum of a favorably adjudicated Tier 5 investigation
US Citizenship Required: Due to the requirements of the federal contract that this position supports, U.S. citizenship is required. Citizenship will be confirmed via I-9/E-Verify at the start of employment
Preferred
Bachelor's degree in computer science, IT, information systems, or a related field
A minimum of eight years of experience analyzing, assessing, and implementing corrective actions based on vulnerability management and penetration testing
A minimum of eight years of experience supporting DoD defensive cyber operational activities, including, but not limited to, information system protection, defense, response (incident handling), reporting, and recovery
Benefits
Medical, dental, and vision benefits
Life and disability insurance
Employer matching 401(k) retirement plan
Paid Time Off
Parental and Bereavement Leave
Professional Development
Company
Vistra
Vistra Communications (Vistra) is an integrated marketing, communications and consulting agency.
Funding
Current Stage
Growth Stage
Leadership Team
Recent News
2025-10-09
Company data provided by crunchbase