Corporate Information System Security Manager (ISSM)

About The Position

Requirements

• Two-year or Four-year degree in Computer Engineering, Computer Science, Information Systems Security/Assurance, or related field.
• 4+ years of ISSO experience or 2+ years of ISSM experience.
• 4+ years of Microsoft operating systems administration experience.
• 2+ years of experience with Assessment & Authorization (A&A) responsibilities, including ISSO, ISSM, policy development, control testing, POA&M management, and configuration management.
• Ability to obtain and maintain DoD 8140 IAM II certification
• Experience with working with DoD tools, including Enterprise Mission Assurance Support Service (eMASS), SCAP, DISA STIGs and other monitoring tools.
• Experience with performing cybersecurity compliance standards, including NIST Controls and DISA STIGS.
• Experience with Systems Administration, Information Systems Auditing, Data Security Analysis and/or Network Administration.
• Experience with Microsoft Office products.
• Strong organizational, analytical, and problem-solving skills.
• Solid communication skills, both in written, verbal, and interpersonal skills.
• Ability to self-prioritize tasking and work multiple projects in tandem while meeting mission objectives and strict timelines.
• Ability to develop and maintain effective working relationships across the organization.
• Willingness to jump in and support various diverse IT-related tasks when needed to support the mission.

Responsibilities

• Oversee and manage the risk posture of the KODA classified AIS in accordance with the NIST 800-37 Risk Management Framework (RMF) process, working directly with Defense Counterintelligence & Security Agency (DCSA) Information System Security Professional (ISSP) to develop and implement the required strategy utilizing NIST 800-53 to accomplish KODA's missions.
• Maintain and monitor KODA's Cybersecurity Maturity Model Certification (CMMC) Level 2 certification in accordance with NIST 800-171 and DFARS 252.204-7012.
• Chair KODA's RMF and CMMC Configuration Control Boards (CCB) and make risk determinations supporting KODA's current risk posture as defined by current authorizations.
• Maintain KODA's RMF and CMMC Continuous Monitoring (ConMon) Plans to maintain system accreditation compliance.
• Develop and implement Plan of Action & Milestones (POA&M).
• Work collaboratively with System Administrators to conduct Cyber Security (CS) Risk Assessment Reports (RAR) to develop mitigation, remediation, and monitoring strategies in compliance with National Industrial Security Program Operating Manual (NISPOM, 32 CFR, Part 117) and DCSA Assessment and Authorization Guide (DAAG).
• Implement all applicable controls associated with obtaining and maintaining RMF Authorities to Operate (ATO) IAW NIST 800-37.
• Manage and report DCSA required RMF efforts to DCSA Information Systems Security Professional (ISSP) and Security Control Assessor (SCA).
• Provide recommendations to the Senior Information Systems Officer (SISO), associated project Team Leads, and Facility Security Officer (FSO) for process enhancements for DCSA-accredited IS.
• Assist the SISO and FSO in the effective implementation, assessment, improvement, and management of the KODA Security Program.
• Act as the liaison between KODA Leadership and the corporate IT and Cybersecurity Managed Service Providers regarding vulnerability scanning, mitigations, risk acceptance and overall system security posture.
• Support KODA's oversight and performance of other corporate computing efforts as needed, including monitoring of Help Desk ticket status, new hire IT onboarding, system administration, and inventory of KODA and government-furnished property.

Benefits

• competitive compensation
• excellent benefits
• commitment to professional growth