Cybersecurity Subject Matter Expert Lead

About The Position

Requirements

• Current DoD 8670.01/8140 IAM Level III certification that includes one or more of the following: ISACA CISM, ISC2 Certified Information Systems Security Professional (CISSP), GIAC/SANS GIAS Security Leadership Certification (GSLC), or EC-Council Certified Chief Information Security Officer (CCISO).
• 7+ years of Information Technology experience.
• 5+ years of Information Assurance / Cybersecurity experience.
• Demonstrated expertise in cybersecurity assessment methodologies, risk analysis, and enterprise cybersecurity governance.
• Strong analytical and problem-solving skills with the ability to resolve complex cybersecurity challenges.
• In-depth knowledge of DoD cybersecurity regulations and guidance, including RMF implementation.
• Strong familiarity with Defense Information Systems Agency STIGs and Security Requirements Guides (SRGs).
• Demonstrated ability to develop and evaluate cybersecurity technologies, architectures, and security solutions.
• Exceptional technical leadership and independent decision-making ability.
• Ability to translate complex cybersecurity issues into clear, actionable guidance for senior leadership.
• Strong written and oral communication skills capable of supporting executive-level briefings.
• Proven ability to innovate and develop new cybersecurity concepts, processes, and technical solutions.
• Demonstrated ability to work independently toward long-range cybersecurity program objectives.

Nice To Haves

• Experience supporting DoD or DLA program offices.
• Experience supporting DoD DLA environments.
• Experience leading enterprise-level cyber modernization initiatives.
• Familiarity with DLA-specific cybersecurity governance frameworks.
• Current Project Management Professional (PMP) certification.
• Current Risk Management Professional certification such as one or more of the following: PMP-RMP, ISACA Certified in Risk and Information Systems Control (CRISC), ISACA Certified Information Systems Auditor (CISA), ISACA Certified Information Security Manager (CISM), ISC2 Certified in Governance, Risk and Compliance (CGRC), or Risk and Insurance Management Society (RIMS) Certified Risk Management Professional (RIMS-CRMP).

Responsibilities

• Enterprise Cybersecurity Technical Leadership: Serves as the senior technical advisor to the DLA cybersecurity assessment and oversight program, providing expert interpretation of cybersecurity policies, standards, and technical requirements. Provides authoritative guidance on complex cybersecurity issues involving enterprise systems, networks, applications, enclaves, and emerging technologies. Analyzes highly complex cybersecurity challenges and recommends innovative solutions that balance mission requirements, operational risks, and regulatory compliance.
• RMF and Cybersecurity Assessment Expertise: Provides subject matter expertise on implementation and governance of the DoDI 8510.01 Risk Management Framework for DoD IT across DLA information systems. Advises government stakeholders on security control validation, risk assessments, and authorization readiness determinations. Provides technical review of security control assessments, continuous monitoring activities, and RMF authorization packages submitted through eMASS. Supports development of enterprise-level recommendations regarding residual risk acceptance and cybersecurity posture improvements.
• Cybersecurity Tools, Standards, and Architecture Support: Evaluates cybersecurity tools and technologies to support enterprise security assessment, monitoring, and compliance activities. Recommends cybersecurity software solutions and assists in defining functional and technical requirements for tool selection. Supports development of product-specific Security Technical Implementation Guides (STIGs) based on Defense Information Systems Agency Security Requirements Guides (SRGs). Provides technical leadership in evaluating network security architectures, vulnerability assessment methodologies, and cybersecurity implementation strategies.
• Enterprise Cybersecurity Policy and Methodology Development: Contributes to the development of new cybersecurity principles, methodologies, and governance practices that improve the DLA enterprise cybersecurity program. Provides expert guidance in the development and refinement of enterprise cybersecurity policies, directives, and standard operating procedures supporting the CPOSS program. Supports the development of advanced cybersecurity concepts and technical approaches that strengthen enterprise security posture and compliance with DoD cybersecurity regulations.
• Strategic Analysis and Innovation: Conducts research and analysis of emerging cybersecurity threats, technologies, and best practices relevant to the DLA mission environment. Develops innovative approaches for improving cybersecurity assessment processes, continuous monitoring practices, and enterprise risk management strategies. Identifies opportunities to enhance cybersecurity oversight capabilities through improved tools, automation, analytics, and governance frameworks.
• Senior-Level Advisory and Communication Support: Provides expert written and oral briefings to senior government leadership regarding cybersecurity risks, program status, and recommended solutions. Prepares technical reports, white papers, and presentations addressing enterprise cybersecurity challenges.

Benefits

• We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them.
• BMA proudly maintains a 401(k) plan with an industry leading 6% match that can include profit sharing based on company performance.
• Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements.