Alternate Information Systems Security Manager (AISSM) - ACTIVE SECURITY CLEARANCE REQUIRED

LLNL•Livermore, CA

22d•Onsite

About The Position

Join us and make YOUR mark on the World! Lawrence Livermore National Laboratory (LLNL) has turned bold ideas into world-changing impact advancing science and technology to strengthen U.S. security and promote global stability. Our mission spans four critical national security areas nuclear deterrence, threat preparedness, energy security, and multi-domain defense empowering teams to take on the toughest challenges of today and tomorrow. With a culture built on innovation and operational excellence, LLNL is a place where your expertise can make a real impact. We have an opening for an Alternate Information Systems Security Manager (AISSM) to provide complex and dynamic security support to a variety of LLNL, DOE and customer missions. This position is in the Information Technology Solutions (ITS) Division supporting the Field Intelligence Element Operations organization within the Global Security Principal Directorate. This position requires full-time on-site presence due to the nature of the work. This position will be filled at either level based on knowledge and related experience as assessed by the hiring team. Additional job responsibilities (outlined below) will be assigned if hired at the higher level.

Requirements

This position requires an active Department of Energy (DOE) Q-level clearance or active Top Secret clearance issued by another U.S. government agency at the time of hire.
Bachelor’s degree in Computer Science, Engineering, Business, Information Systems, or related field, or the equivalent combination of education and related experience.
Advanced experience as an ISSO or AISSM managing classified systems in DOD, DOE, or IC environments (NISPOM, DAAPM, ICD 503, NIST 800-53).
Advanced knowledge of federal security regulations, Intelligence Community Directives (ICDs), DOD/DOE manuals, and company security policies/procedures.
Strong understanding and hands-on experience with the Risk Management Framework (RMF), including authoring and maintaining Body of Evidence (BOE) artifacts.
Advanced analytical, problem-solving, and organizational skills with the ability to prioritize and execute tasks in a dynamic environment.
Experience leading and coordinating internal information system security audits and assessments, participating in Government inspections and authorization activities, and overseeing investigation and mitigation of identified security risks and noncompliance in accordance with applicable policies and RMF requirements.
Advanced communication skills, with the ability to develop and maintain effective relationships with internal and external stakeholders.
Extensive experience obtaining Authority to Operate (ATO) for IT systems and applying advanced frameworks (NIST 800-53, CNSSI 1253, DISA STIGs, SCAP).
Advanced knowledge of, and significant experience with, applying DISA STIGs and SCAP Compliance Checker to information systems, and interpreting and implementing DOE, DoD, and Intelligence Community security policies and requirements in classified environments to support system authorization and ongoing security compliance.
Expert written and verbal communication skills for conveying technical strategies and building relationship across all organizational levels and sites.

Nice To Haves

COMSEC account management or opening new COMSEC accounts per sponsor requirements.
10+ years of experience as an IT Systems Architect/Engineer and/or Cyber Security Professional.
DoD Approved 8570 A Assurance Manager (IAM) Level II or III Certification: CAP, CISSP, GSLC, CISM, or CASP+ CE.

Responsibilities

Work with the FIE’s Cyber Manager and internal and external stakeholders, including LLNL, DOE, and other agencies, to identify cybersecurity requirements for assigned systems and support the planning and implementation of security solutions that meet mission needs.
Architect and engineer enterprise-wide systems and solutions to meet cybersecurity requirements, including authoring and maintaining Risk Management Framework (RMF) documentation and Body of Evidence (BOE) artifacts.
Exercise judgement to assess and mitigate system security threats and risks, analyze security events, and conduct investigations to ensure the integrity of the security posture.
Lead the preparation, coordination, review, and maintenance of Body of Evidence artifacts, including Information System Security Plans and POA&Ms, under the Risk Management Framework to obtain and sustain system accreditation with government sponsors.
Coordinate cybersecurity requirements for existing and new systems with Department of Energy (DOE) IN-40, Department of Defense (DoD), and other agencies to ensure mission accomplishment and the protection of sensitive information.
Assess and mitigate system security threats and risks using a risk-based approach.
Perform and analyze security audits for nonstandard events to ensure security posture integrity and conduct continuous monitoring activities on assigned information systems.
Perform other duties as assigned.
Partner with the FIE Cyber Manager to assist with collaboration and negotiation with internal and external stakeholders, including LLNL, DOE, and other agencies, to identify, prioritize, and oversee implementation of information system security solutions that meet mission requirements.
Provide security architecture guidance and oversight to ensure information systems are designed and engineered in compliance with LLNL, DOE, and external customer requirements, and that they meet programmatic risk and authorization objectives.
Represent LLNL’s Field Intelligence Element at external customer sites as the AISSM, communicating security posture, risk decisions, and compliance status, and coordinating with customers on security requirements and accreditation activities.