Maritime Industry Security Specialist, Hybrid Remote
Gibbs & Cox

Arlington, Virginia

Posted in Defence and Military


This job has expired.

Job Info


Gibbs & Cox, a wholly owned subsidiary of Leidos, is the largest independent naval architecture and marine engineering firm in the United States. Since our founding in 1929, 24 classes of combatants and nearly 7,000 vessels have been built to Gibbs & Cox designs. We proudly support military and commercial clients in the U.S. and internationally with all phases of marine design, construction, and lifecycle management. Our passion is solving our customers' 21st century maritime challenges with quality and integrity.

Gibbs & Cox is an EEO/An Affirmative Action M/F/D/V Employer

We are looking for a Maritime Industry Security Specialist for the Canadian Surface Combatant Project.

This is a unique opportunity to be part of a team to build a security program from the ground up!!!

Location:

  • Option 1: Hybrid remote and onsite in Halifax, Nova Scotia, Canada (3-week rotation)
  • Option 2: Full time onsite in Halifax, Nova Scotia, Canada
Available expenses:
  • Relocation bonus
  • Monthly housing stipend
  • Travel Allowance
  • Car Allowance
Key Responsibilities:

This position, within the Canadian Surface Combatant (CSC) Program, will be responsible for executing technical responsibilities within the Security Assurance Team that is integral to the operations and support of the System Engineering Organization. The Maritime Industry Security Specialist may be assigned responsibility in one or more of the following technical disciplines:
  • Risk Assessment: Participating in the conduct of or reviewing risk assessments on organizations, facilities, or operations using common methodologies, such as the Harmonized Threat and Risk Assessment (HTRA) methodology. This will include the conduct of credible threat assessments, determination of asset values, and vulnerability assessments leading to a comparison against risk management targets.
  • Security Control Design: The development of security control designs or plans (including C-class cost estimates) covering governance, administrative, physical, procedural and technical security controls. The security control design process is guided by sound security practices applied through structures including Security System Engineering (NIST 800-160), measurement and metrics (NIST 800-55), and the Cybersecurity Risk Management Frameworks (NIST 800-30/37).
  • Technical Cost Estimating and Controls: Ensuring that technical costs are properly estimated, documented and reported, including cost estimates associated with Engineering Change Proposals and Requests for Variance from an established design baseline.
  • Conduct of Inspections: Conducting the research, coordination, planning, and verification activities associated with verifying that CSC security requirements are being adhered to by those providing goods or services to the program. This will involve a combination of research, site inspections, interviews and other activities intended to lead to a report as to whether an organization, facility or activity is meeting CSC Security requirements.
  • Conduct of Assessments: Conducting all aspects of the inspection but including activities intended to identify residual risks to the confidentiality, integrity, availability, or public confidence regarding the CSC project.
  • Plan Management: Participating in external and internal working groups for the development, refinement, management and monitoring of the Cyber Security Management Plan (CSMP), relevant sections of the Supply Chain Management Plan (SCMP) and contributing to System Engineering Management Plan (SEMP) and its relevant sub-plans.
  • Training, Awareness, Mentoring and Capacity Building: Involved in the design, development, delivery, and management of awareness materials (bulletins, alerts, etc.) and training materials (workshops, short courses) intended to raise the awareness of the Security Assurance Team's activities in the supply chain space. This also includes working with more junior positions to effect knowledge transfer and capacity building through mentoring, coaching, and internal instruction.
  • Provide supply chain risk assessment, monitoring and security-control design expertise during requirements definition, design, integration, test, and production phases to ensure that fully compliant and certified systems are provided in accordance with requirements, governing standards, and sound engineering practice.
  • Provide guidance during requirements definition, design, integration, test, and production phases to ensure that sound security practices as defined in the NIST 800-160 Agreement, Project and Organizational Enabling and Technical Management documents are being adhered to. This will also involve ensuring that such guidance aligns coherently with ISO 9001:2015 and ISO 28000 quality management and supply chain security guidance.
  • Further develop, manage, execute and monitor activities associated with risk assessment, security control design, monitoring and compliance activities, incident reporting and continuous improvement in the Supply Chain Security context.
  • Develop a comprehensive technical risk register using Predict software and monitor, document, update and report on risk status.
  • Develop plans, processes and procedures as required in support of program requirements.
  • Participate in, or lead, Working Groups, as required, for assigned Supply Chain activities.
  • Provide accurate status reports on assigned activities to the management team.
  • Establish and maintain strong working relationships with internal and external stakeholders
  • Support Project Management and ISI initiatives as required for the CSC project to succeed.
  • Support a culture of teamwork, enthusiasm and a proactive nature within the Security Assurance Team.
  • Be a role model for professional behavior

Mandatory Qualifications:
  • Certification in a relevant maritime inspection or audit regime by an internationally recognized association or regulatory body accepted organization.
  • A minimum of five years' experience in any two of the following:
  • Experience in at least two of ship design, inspection, classification, or operations; or
  • Experience conducting assessments on large, complex supply chains for companies or organizations; or
  • Experience in at least two of the conducting of inspections, site assessments, or audits relevant to defense procurement or the maritime industry. The focus of these is to be manufacturing, software development or service provider facilities; or
  • Experience in conducting threat assessments, plan development, or the delivery of security program related training materials in (or for) an organization or community of organizations of over 500 persons.
  • Any of the following professional certifications:
    • Certified Lead Auditor under any one or more of ISO 9001, 27000, 28000, or 31000
    • Certified Protection Professional (CPP)
    • Certified Information Systems Security Professional (CISSP)
    • Physical Security Professional (PSP)
    • Professional Certified Investigator (PCI)
    • Associate Business Continuity Professional (ABCP)
    • Certified Business Continuity Professional (CBCP)
    • Project Management Professional (PMP)
      Or a willingness to achieve certification in any one of these (candidate's discretion as depending on organizational needs) within the first year.
  • Experience in the conducting of audits
  • Understanding of ship construction
  • Experience working in design, production and / or test on a ship construction program
  • Experience in Integrated Logistics Support
  • Experience with certification and accreditation of Naval Combat Systems or ship infrastructure
  • Providing security guidance in large, complex defence engineering projects
  • Coordination with multiple complex organizations
  • Understanding of maritime operations and ship infrastructure
  • Knowledge of a shipyard production environment
  • Excellent written and oral communication skills

Desired Qualifications:
  • Advanced level education (master's degree / certificate) involving supply chains, business management, technical crime (white collar).
  • Bonus: Industry experience in supply chain / warehousing experience for large defence program.
  • Other desirable certifications include any of the following:
    • Completion of the in-class training element for Lead Auditors under ISO 9001, 27000, 28000, or 31000.
    • Physical Security Professional (PSP)
    • Certified Ethical Hacker (CEH)
    • Offensive Security Certified Professional (OSCP)
    • Certified Protection Professional (CPP)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certifications in technical network architecture / design
  • Demonstrated knowledge and experience in the following areas:
    • Working with project management / business analysis processes, planning & execution; Systems Security Engineering, Systems Security Architecture, Security Design Principles, Security testing and validation.
    • Use of systems engineering related tools (i.e. DOORS, CAMEO).

Gibbs & Cox is a VEVRAA Federal Contractor and an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. The VEVRAA, VEVRAA | U.S. Department of Labor (dol.gov), covers veterans.

@2021 Gibbs & Cox, Inc. Gibbs & Cox, Gibbs & Cox logo are registered trademarks. All rights reserved

