F-35 Info Sys Sec Manager Orlando, FL

About The Position

Requirements

• Previous leadership experience
• Secret Clearance with the ability to obtain and maintain program access
• IAM Level III Certification (CISM, CISSP, or GSLC)
• Previous ISSM Experience
• Proven knowledge of the DCSA Assessment and Authorization Process Manual (DAAPM), Joint Special Access Program Implementation Guide (JSIG), or Risk Management Framework (RMF).
• Experience in the development of cybersecurity policies, processes, and procedures
• Excellent written and verbal communication skills, with the ability to effectively interface with numerous cognizant security agencies, customers, and senior leadership.
• Demonstratable experience with standard cybersecurity and network environment tools and applications, including: SIEM, ESS, DLP, IAM, Vulnerability Scanning, etc.

Nice To Haves

• Proven expertise in Dev/Sec/Ops concepts and processes, with the ability to apply them in real-world scenarios, including: Expertise in Splunk, including: Writing queries, Creating dashboards, Implementing third-party apps (e.g., Qmulos Products). Experience with network design processes, including: Understanding security objectives, Operational objectives, Risk mitigation strategies for information systems.
• DoD 8140/8570 IAT/M or IASAE Level-III Certification, such as: CCSP, CISSP-ISSAP, CISSP-ISSEP.
• Demonstratable experience working with complex operating systems and networks, including: Cloud environments Cross-domain solutions NSA Type 1/Commercial Solutions for Classified (CSfC) encryption solutions
• Demonstratable experience conducting internal and external customer assessments, including: Identifying areas for improvement Providing recommendations for remediation Developing and implementing corrective action plans

Responsibilities

• Developing all applicable cybersecurity policy, plans and procedures
• Ensuring required cybersecurity controls are implemented and validated, to include continuous monitoring actions for assigned systems.
• Monitoring and recognizing non-compliance, suspicious and anomalous activity (i.e., threats), and effectively reporting such activity and associated risks to the appropriate parties.
• Ensuring plans of actions and milestones or remediation plans are in place for vulnerabilities identified during monitoring activity, audits, inspections, etc. and implementing, or overseeing, required corrective actions.
• Overseeing role-based cybersecurity training for assigned users.
• Creating, collecting and retaining data to meet reporting requirements.
• Overseeing the monitoring and correlation of data (e.g., logs, events, activity, etc.) from a variety of sources (e.g., Splunk, ELA, ePO, ESS, ACAS, etc.) to identify and mitigate threats, vulnerabilities and non-compliance.
• Investigating, analyzing and responding to cyber events, incidents and non-compliance, to include trend analysis, assembling detailed written reports and briefing the appropriate parties.
• Leading the development and implementation of government approved information security procedures and plans (multiple networked systems)
• Coordinating with government agencies for approvals
• Consulting on the design, development, integration, and analysis of classified computing systems
• Lead self-inspection reviews and comprehensive investigation of computer security incidents
• Collaborating with other organizations, to include Program Security, Engineering, Program Management, and others when necessary

Benefits

• Lockheed Martin supports a variety of alternate work schedules that provide additional flexibility to our employees.
• Schedules range from standard 40 hours over a five day work week while others may be condensed.
• These condensed schedules provide employees with additional time away from the office and are in addition to our Paid Time off benefits.