Information Security System Manager

About The Position

Requirements

• MUST BE U.S Citizen
• Federal background investigation required; ability to obtain or possess moderate-to-high federal clearance preferred
• Bachelor's Degree in Information Assurance, Engineering, or Computer Science
• Advanced security certifications (CISSP, CISM, GIAC, CAP, or CCSP).
• Must meet specific certification and training requirements in accordance with DoD 8570.1-M, DoDD 8570.1
• Minimum ten (8) years of relevant focused experience
• Excellent oral and written skills.
• Excellent critical thinking skills.
• Proficient in Microsoft applications such as Word, Excel, PowerPoint, and Outlook.
• Ability to work independently and as a team member
• Ability to learn and apply technical concepts to assigned duties

Responsibilities

• Integrate security & privacy into SDLC: participate in planning, architecture sessions, sprint/design reviews; provide SDLC-phase written recommendations and review comments.
• Advise on control selection, inheritance, tailoring, and baselines aligned to FIPS 199 categorizations.
• Produce control mapping matrices (system functions → NIST 800-53 Rev. 5).
• Translate NIST 800-53 Rev. 5 controls into actionable technical/procedural implementation steps; provide implementation guidance for logging, encryption, secure API management, IAM, DevSecOps, secure configs, and CI/CD pipelines. Produce iteration-level control implementation review summaries.
• Review implementation artifacts (code snippets, configs, diagrams, test results) and recommend tools, design patterns, and architectural controls consistent with federal/agency standards.
• Provide privacy guidance: implement PT/AR/AP/DI/IP family controls, support PIAs, data flow analyses, privacy risk assessments, and TPWA assessments. Produce privacy control matrices and updated data flow diagrams.
• Develop and update RMF artifacts in NIH templates: SSP, SAP, SAR, POA&M, Continuous Monitoring Strategy; assist with FIPS-199, E-Authentication, and system registration in NIH GRC.
• Support incident response and privacy breach activities, website privacy policy maintenance, data calls, and promotion of privacy practices. Lead or coordinate incident response as required.
• Conduct training, workshops, and knowledge transfer for developers, PMs, security staff; produce training materials, job aids, and summary knowledge transfer reports.
• Develop and maintain security/privacy procedures, templates, workflows, and startup kits to ensure ongoing compliance with NIST SP 800-53 Rev. 5, Privacy Act, NIH, and federal requirements.