Cybersecurity – Senior Information System Security Manager (ISSM)

About The Position

Requirements

• Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
• 10+ years of combined experience and/or education in cybersecurity, IT, or a related field
• 10+ years of experience with the Risk Management Framework (RMF), cybersecurity policies, and RMF implementation (e.g., DAAG, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series)
• 5+ years of experience with cybersecurity leadership overseeing programs and teams, authorizing risk decisions, coordinating stakeholders, and improving security and compliance
• 5+ years of experience communicating complex technical risks, translating impact, and advising senior leaders
• This position requires an active U.S. Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)
• This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a “U.S. Person” as defined by 22 C.F.R. §120.62 is required. “U.S. Person” includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee.

Nice To Haves

• 10+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
• 10+ years of experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
• 10+ years of experience assessing and documenting test or analysis data to show cyber security compliance
• 10+ years of experience in project management
• 5+ years of experience in a leadership role leading teams, initiatives, or projects to meet business objectives and influence change
• 5+ years of eMASS experience
• Excellent problem-solving skills and the ability to think critically and strategically
• Strong communication and interpersonal skills, with the ability to work collaboratively in a team environment

Responsibilities

• Provide technical guidance and mentorship to program leadership, fostering a culture of innovation and continuous improvement
• Lead the effort to develop and document best practices and methodologies for cybersecurity operations to ensure consistency and quality across the organization
• Communicate effectively with stakeholders to gather requirements, present architectural designs, and provide updates on project progress
• Work closely with cross-functional teams, including development, operations, and product management, to ensure alignment on project goals and deliverables
• Provide guidance for enterprise implementation of AI within classified environments
• Utilizes cybersecurity principles to analyze existing systems and processes, identifying areas for optimization and waste reduction to improve overall efficiency
• Define, collect, analyze, and refine Key Performance Indicators (KPIs) and metrics for cybersecurity deliverables and team execution to ensure continuous improvement and accountability
• Stay current with industry trends, emerging technologies, and best practices in cloud computing, cybersecurity requirements, DevOps, and apply this knowledge to enhance our solutions
• Provide oversight of DFARS/CUI and CMMC compliance across multiple programs
• Primary point of contact with DCSA for a large portfolio of NISP classified systems across multiple divisions and product lines
• Apply an interdisciplinary, collaborative approach to lead activities to strategize, plan, design, develop and verify highly-complex security solutions to meet enterprise needs
• Provide strategic guidance and consultation on enterprise execution of the Risk Management Framework (RMF), security compliance and monitoring, the delivery of technical reports/briefings, root cause analysis and resolution and information security policy, standards, guidelines and procedure development/implementation
• Oversee, develop, design and conduct research that results in new requirements management methodologies or results in unique approaches that mitigate assessment and review findings
• Provide mentoring and technical leadership to the information security enterprise community for developing and enhancing security solutions
• Integrate technical, cost, value and risk considerations into the secure product definition
• Explore and shape industry knowledge and methods, tools and processes applicable to security solutions
• Represent the company in industry or academic forums
• Interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements
• Prepare, review, and present technical reports and briefings
• Identify root causes, prioritizes threats and recommends and/or implements corrective action
• Explore the enterprise and industry for evolving state of industry knowledge and methods regarding information security best practices

Benefits

• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.