Information Security Officer/Subject Matter Expert

“Join GD Resources for dynamic opportunities in business management and IT, where innovation meets excellence.”

GD Resources LLC is a Veteran Women-Owned Business Management and Information Technology company committed to excellence. We offer dynamic opportunities for veterans and professionals alike to contribute to innovative projects and drive success in a collaborative and supportive environment. Join us in making a difference and advancing your career with a company that values integrity, diversity, and continuous growth.

Job Title: Information Security Officer/Subject Matter Expert
Location: In-person/telework, Hybrid-Must be able to travel to State Agencies throughout Maryland
100 Community Place, Crownsville, MD 21032

Job Types: Full-time, Contract
Pay: $70 - $80/hr (negotiable)

Benefits:

• Dental insurance
• Flexible schedule
• Health insurance
• Life insurance
• Paid time off
• Vision insurance

Schedule:

• 8 hour shift
• Day shift

The Office of Security Management (OSM) is seeking Information Security Officer (ISO) Subject Matter Experts to support the coordination and implementation of centrally provided cybersecurity services.

The Information Security Officer/Subject Matter Expert (ISO) will play a key role in integrating managed cybersecurity services and offering tailored consultation to meet the specific mission needs of various agencies. Embedded within these agencies, the ISO will act as the primary point of contact, ensuring cybersecurity solutions align with the agency’s objectives and the Cybersecurity Framework (CSF). The ISO will assess cybersecurity needs, implement risk management strategies, support incident response, and maintain security awareness programs. The ISO will collaborate with the ISO Program Director and Program Coordinator to ensure alignment with organizational cybersecurity goals, policies, and procedures

• Develop and maintain metrics to track adoption rates and regularly assess and enhance security controls, conducting assessments and evaluations to ensure effectiveness and compliance with established standards.
• Review and implement security policies to ensure compliance with regulatory requirements and organizational standards.
• Conduct thorough reviews of vulnerability data, coordinating with stakeholders to prioritize and address identified vulnerabilities effectively.
• Actively participate in Authorization to Operate (ATO) assessments, contributing expertise to ensure systems meet security requirements for operation. 
• Collaborate with cross-functional teams to develop and enhance security protocols and procedures for seamless integration and utilization. 
• Regularly report on adoption rates and identify areas for improvement.
• Monitor security systems to detect and respond to potential threats. 
• Act as the primary point of contact for ISO agency-related inquiries and engagements. 
• Monitor progress against established plans and adjust as necessary. 
• Develop strategic plans and roadmaps for service delivery.
• Implement measures to address identified vulnerabilities
• Participate in the design and implementation of secure system architectures.
• Develop and deliver security awareness training programs for employees.
• Ability to Develop and maintain an incident response plan.
• Lead and manage security-related projects, ensuring timely and successful completion.
• Prepare and present security reports to management and stakeholders.
• Maintain accurate and up-to-date security documentation.
• Ensuring efficient allocation of resources.

• Prepare and present security reports to management and stakeholders.
• Maintain accurate and up-to-date security documentation.
• Ensuring efficient allocation of resources

• Bachelor’s degree in computer science, information technology, Information Security, Cybersecurity or related field.
• Advanced degrees or certifications such as CISSP, CISM, or CISA, Sec+, CISSO.

• Minimum of 5 years’ experience in information security management, IT administration, or related fields.
• 3 years experience in implementing cyber assessment and remediation plans, procedures, and cyber defense operations.
• Practical experience with security technologies, incident response, risk management, and compliance. Analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.

• Specific experience in implementing ISO plans, procedures, and cyber defense operations.
• Experience tracking adoption rates and implementing centrally managed cyber services.
• Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives

• Graduate degree or certifications such as CISSP, CISM, or CISA
• Strong knowledge of industry standards, regulations, and best practices related to information security, including ISO 27001, and NIST Cybersecurity Framework.
• Excellent communication and collaboration skills, with the ability to effectively communicate technical concepts.
• Strong analytical and problem-solving abilities.
• Meticulous attention to detail to identify and mitigate security risks.
• Understanding of various security protocols, standards, and methodologies. Proven experience in managing  scalable cybersecurity projects, including planning, execution, monitoring, and closing phases.
• Ability to coordinate cross-functional teams and manage multiple projects simultaneously.
• Project management skills, with experience in planning, scheduling, and monitoring the delivery of cybersecurity services.
• The candidate must be able to travel to the Maryland Department of Information Technology (DoIT) office located in Crownsville, MD, as well as to various agencies within the Baltimore/Annapolis region.
• Familiarity with federal, state, and local regulations related to information security and privacy.
• Experience in implementing ISO plans, procedures, and cyber defense operations.
• Experience tracking adoption rates and implementing centrally managed cyber services.
• Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives.