(602) Information Systems Security Manager III

About The Position

Requirements

• Must be a U.S. Citizen
• Active Secret security clearance
• Master's degree in computer science, information technology, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university
• Eight (8) years of experience coordinating with various levels of an organization to oversee and manage information security program implementation
• Experience managing cyber strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources
• Must possess one of the following certifications: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP
• IAM-II certification level
• Experience with DoD Information Assessment and Authorization (A&A) process and Risk Management Framework (RMF)

Nice To Haves

• Experience with enterprise security technologies and tools including eMASS and VRAM
• Knowledge of NIST Special Publications and DoD cybersecurity instructions
• Experience with Navy and DoD organizational structures and policies
• Familiarity with NAVSEA cybersecurity requirements and procedures
• Experience with vulnerability management and continuous monitoring
• Demonstrated leadership abilities and strong communication skills

Responsibilities

• Support IT security goals and objectives to reduce overall organizational risk
• Communicate the value of IT security throughout all levels of organization stakeholders
• Coordinate with various levels of the organization to oversee information security program implementation
• Manage cyber strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources
• Assist with facilitating communication between all RMF stakeholders throughout the RMF process Security Assessment and Authorization
• Assist with the collection of data needed to meet system cybersecurity reporting requirements
• Assist with security improvement actions as they are evaluated, validated, and implemented
• Participate in information security risk assessments during the Security A&A process
• Assist with identifying security requirements specific to IT systems in all phases of the system life cycle
• Coordinate with programs to resolve findings identified during internal and external review processes
• Assist with cybersecurity inspections, tests, and reviews for the network environment
• Assist with identifying alternative information security strategies to address organizational security objectives
• Interpret patterns of noncompliance to determine their impact on risk levels and overall effectiveness of the enterprise's cybersecurity program
• Track audit findings and recommendations to ensure appropriate mitigation actions are taken
• Monitor systems for upcoming authorization conditions/stipulations, upcoming or past due POA&M items, and SLCM activities
• Develop findings reports and recommended corrective actions for identified deficiencies
• Report system compliance in DON Application and Database Management System (DADMS), Department of Defense Information Technology Portfolio Repository - Department of the Navy (DITPR-DON), and Vulnerability Remediation Asset Manager (VRAM)
• Assist with Quality Assurance (QA) reviews for RMF package submissions in accordance with NSWCPD and NAVSEA 03 SOP
• Ensure successful implementation and functionality of security requirements and appropriate IT policies and procedures consistent with the organization's mission and goals
• Track and respond to Cybersecurity data calls per Government guidance