Info Systems Security Manager

About The Position

Requirements

• Bachelor's degree in an appropriate area and six years of relevant experience
• OR a high school diploma or equivalent and ten years of relevant experience

Nice To Haves

• Intermediate level knowledge of client/server, network topology, network/infrastructure security, network operating systems, and web technologies
• Understanding of Risk Management frameworks as described in NIST SP 800-37
• Knowledge of security and privacy requirements such as FISMA Security Requirements and their effects on delivering software to Federal Agencies
• Familiarity with multi-platform environments and their operational/security considerations
• Working Knowledge of Operating Systems such as: Linux, Windows, UNIX
• Working knowledge of LDAP, Active Directory and other Identity Providers
• Understanding of middleware and web servers such as Apache and IIS, JBoss
• Intermediate level problem solving skills
• Teamwork and communication skills including speaking and writing skills
• Knowledge of industry trends
• Minimum of 7 years of combined IT and security experience with a broad range of exposure to data, networks, systems, and web monitoring tools, techniques, and threats
• Background in systems administration
• Experience implementing and supporting infrastructures that meet and adhere to the controls defined in the DoD Intelligence Information System (DoDIIS) – Joint Security Implementation Guide (DJSIG) and the DoD Joint Special Access Program Implementation Guide (JSIG)
• Successful experience implementing and supporting the Risk Management Framework (RMF) as defined in the above directives
• Experience implementing and supporting Defense Information System Agency (DISA) Secure Technical Implementation Guides (STIG) for Red Hat Linux and Microsoft Windows Server Operating Systems
• Experience with the use of NIST SP 800-53r4 for SSP documentation
• Experience in application development lifecycles
• Experience engaging with large engineering, development, and operations teams
• Understanding and experience with vulnerability scanners including static, dynamic, and Host, OS and Database scanners such as Nessus
• IAM Level III Certification (GSLC, CISM and/or CISSP)
• Institutional knowledge of the University of Florida’s IT environment and information systems
• Flexible in work style and able to work in open workspace environment
• An active DOD Secret Security Clearance
• DoD 8570 Compliance

Responsibilities

• Serve as the principal advisor on all matters, technical and otherwise, involving the security of the Information Systems for FLARE
• Maintain the overall security posture of the systems within FLARE
• Be accountable for the implementation of the UF Risk Management Framework (RMF)
• Produce/develop security documentation (e.g., SSP, POA&M, reporting, process, and procedures, and supporting artifacts, etc.)
• Ensure that the user community understands and adheres to necessary processes and procedures to maintain security through a robust training and awareness program
• Ensure the fulfillment of the Information Owner, IO, data requirements (e.g., storage, processing, AFT, incident response, collection, dissemination, and disposal)
• Perform cybersecurity (monitor, audit, analyze) enterprise information systems support for events to include unauthorized access, insider threat, hacking or penetration attempts from known threats
• Identify presence of unauthorized software or malicious code on both classified and unclassified networks and reporting them as necessary
• Implement security controls that protect the Information Systems, IS, during development, testing and production stages
• Implement and maintain the IS in accordance with the agreed-upon security controls documented in the SSP
• Take necessary actions to proactively address issues and guide support personnel to preclude system failures or disruptions
• Identify and address vulnerable computers that may be used in exploitation, data infiltration, and data compromise
• Develop incident management, change management and the Continuity of Operations Plan (COOP)
• Ensure review of weekly bulletins and advisories that impact security of site information systems to include AFNOSC-NSD, ACERT, NAVCIRT, IAVA, and DISA ASSIST bulletins
• Ensure that periodic testing is conducted to evaluate the security posture of the ISs by employing various intrusion/attack detections and monitoring tools
• Manage COMSEC Support, Emission Security and eMASS, ITIPS or Xacta
• Manage UL-2050 standards for closed rooms
• Collaborate with UF Research Integrity, Research Computing, UFIT, FLARE Security (AFSO and ASMs) and Director if/as necessary in order to maintain the overall security posture of operations
• Perform other duties as assigned by supervisor, as needed