Cybersecurity Team Lead

Who We’re Looking For (Position Overview):

Spry Methods is looking for an experienced Cybersecurity Team Lead to manage a medium-size team of professional analysts to support the Department of Transportation (DoT) Federal Railroad Administration (FRA). The Team Lead will manage a variety of cybersecurity program support activities and serve as the primary source of contact for the government/customer. This position is remote work with limited potential for travel.

What Your Day-To-Day Looks Like (Position Responsibilities):

• Daily responsibilities include, but are not limited to the following:
• Oversee the daily activities of the cybersecurity analysts.
• Assign tasks, set priorities, and ensure efficient workflow.
• Conduct regular team meetings to discuss progress, challenges, and updates.
• Plan and execute security assessments.
• Review assessment reports and provide guidance on remediation.
• Collaborate with other teams (e.g., development, operations) to address findings.
• Monitor security controls and compliance with policies and standards.
• Review security logs and alerts.
• Investigate incidents and coordinate response efforts.
• Ensure timely reporting to management and stakeholders.
• Identify and assess risks related to systems, applications, and processes.
• Develop risk mitigation strategies and action plans.
• Work with stakeholders to implement risk controls.
• Develop and update security policies, standards, and procedures.
• Ensure alignment with industry best practices and regulatory requirements.
• Provide guidance and mentorship to analysts.
• Arrange training sessions to enhance team skills.
• Collaborate with vendors for tool evaluations.
• Engage with business units and other teams to address security needs.
• Track key performance indicators (KPIs) for the team.
• Prepare regular reports for management and executive leadership.

What You Need to Succeed (Minimum Requirements):

• Certified Information System Security Professional (CISSP). 
• Certified in Governance, Risk and Compliance (CGRC) certification. 
• Certified Information Privacy Professional (CIPP) 
• Certified Cloud Security Professional (CCSK) and other Cloud Certification as appropriate. 
• 5-8 years direct experience managing medium sized teams.
• Public Trust
• Experience drafting FISMA related artifacts to include: system security plans, incident response plans, configuration management plan, FIPS 199, digital identity risk assessments, security impact analysis, contingency plan, security assessment plans and reports, Plan of Action and Milestones (POA&M), and training materials. 
• Experience in applying NIST Special Publications to information systems.
• Experience with performing information system continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect for meeting the security requirements. 
• Knowledge of cybersecurity tools such as: Tenable, Qualys, Governance Risk Compliance (GRC) tools (e.g. CSAM). 
• Experience conducting security assessments and/or audits. 

Ideally, You Also Have (Preferred Qualifications):

• PMP certification.
• 8+ years experience supporting federal organizations Cybersecurity programs.