Cybersecurity - Information System Security Manager (ISSM)

About The Position

Requirements

• Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
• 10+ years of combined experience and education in IT, cybersecurity, or related field
• 5+ years of experience with Risk Management Framework (RMF) and with cybersecurity policies and RMF implementation (e.g., DAAG, CNSSI 1253, ICD-503, JSIG, or NIST SSP 800 series)
• 5+ years of experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA, STIGs, SCAP, Audit Reduction, and HBSS
• 5+ years of experience with cybersecurity leadership overseeing programs and teams, authorizing risk decisions, coordinating stakeholders, and improving security and compliance
• 1+ years of experience implementing and sustaining Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012/National Institute of Standards and Technology (NIST) SP 800-171 controls and mapping to Cybersecurity Maturity Model Certification (CMMC) requirements
• Requires an active U.S. Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)

Nice To Haves

• Bachelor's degree or equivalent work or military experience
• 5+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
• 5+ years of experience assessing and documenting test or analysis data to show cyber security compliance

Responsibilities

• Leads a team of Information System Security Managers (ISSMs) and Information System Security Officers (ISSOs) performing cybersecurity governance work on CUI, DFARS, and CMMC systems
• Performs security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
• Oversees configuration management of assigned systems; auditing systems to ensure security posture integrity
• Leads staff with assessments and test/analysis data to document state of compliance with security requirements
• Conducts risk assessments and investigations, execute appropriate risk mitigations, and oversee incident response activities
• Conducts periodic hardware/software inventory assessments
• Serves as organization spokesperson on advanced projects and programs
• Acts as advisor to management and customers on advanced technical research studies
• Interfaces with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid and unpaid time away from work