Cybersecurity – Senior Information System Security Manager (ISSM)

About The Position

Requirements

• Successfully completed Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) by the federal government within the last 5 years, or requires candidate to have been enrolled in a Continuous Vetting program within the last 5 years
• Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
• 10+ years of combined experience and/or education in cybersecurity, IT, or a related field
• 10+ years of experience with the Risk Management Framework (RMF), cybersecurity policies, and RMF implementation (e.g., DAAG, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series)
• 5+ years of experience with cybersecurity leadership overseeing programs and teams, authorizing risk decisions, coordinating stakeholders, and improving security and compliance
• 5+ years of experience communicating complex technical risks, translating impact, and advising senior leaders

Nice To Haves

• Bachelor's degree or equivalent work or military experience
• 10+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
• 10+ years of experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
• 10+ years of experience assessing and documenting test or analysis data to show cyber security compliance

Responsibilities

• Provide technical guidance and mentorship to program leadership, fostering a culture of innovation and continuous improvement
• Lead the effort to develop and document best practices and methodologies for cybersecurity operations to ensure consistency and quality across the organization
• Communicate effectively with stakeholders to gather requirements, present architectural designs, and provide updates on project progress
• Work closely with cross-functional teams, including development, operations, and product management, to ensure alignment on project goals and deliverables
• Provide guidance for enterprise implementation of AI within classified environments
• Utilizes cybersecurity principles to analyze existing systems and processes, identifying areas for optimization and waste reduction to improve overall efficiency
• Define, collect, analyze, and refine Key Performance Indicators (KPIs) and metrics for cybersecurity deliverables and team execution to ensure continuous improvement and accountability
• Stay current with industry trends, emerging technologies, and best practices in cloud computing, cybersecurity requirements, DevOps, and apply this knowledge to enhance our solutions
• Primary point of contact with DCSA for a large portfolio of NISP classified systems across multiple divisions and product lines
• Apply an interdisciplinary, collaborative approach to lead activities to strategize, plan, design, develop and verify highly-complex security solutions to meet enterprise needs
• Provide strategic guidance and consultation on enterprise execution of the Risk Management Framework (RMF), security compliance and monitoring, the delivery of technical reports/briefings, root cause analysis and resolution and information security policy, standards, guidelines and procedure development/implementation
• Oversee, develop, design and conduct research that results in new requirements management methodologies or results in unique approaches that mitigate assessment and review findings
• Provide mentoring and technical leadership to the information security enterprise community for developing and enhancing security solutions
• Integrate technical, cost, value and risk considerations into the secure product definition
• Explore and shape industry knowledge and methods, tools and processes applicable to security solutions
• Represent the company in industry or academic forums
• Interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements
• Prepare, review, and present technical reports and briefings
• Identify root causes, prioritizes threats and recommends and/or implements corrective action
• Explore the enterprise and industry for evolving state of industry knowledge and methods regarding information security best practices

Benefits

• At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities. The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work. The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.