Information System Security Manager (ISSM)

About The Position

Requirements

• Typically require a Bachelor’s degree with eight (8) years of relevant cybersecurity, network security, and/or information technology experience or an advanced with five (5) years of relevant experience as described below.
• Ability to operate the single point-of-contact and SME for information security within R2S
• Experience supporting cybersecurity compliance as stipulated by the DAAG, Joint SAP Implementation Guide (JSIG), NISPOM regulations, CMMC L2 requirements, and NIST Controls
• IAM Level II certification DoD 8140 (8570) must be obtained within six months of hire.
• Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.
• Cybersecurity, systems security and hardening
• Compliance-based auditing using the Risk Management Framework (RMF)
• Experience working with and/or supporting computer technologies (such as: databases, operating systems, computer network hardware, software programs, hardware troubleshooting or electronics)
• Project or program management, office management, senior administration, or account management

Nice To Haves

• Master’s Degree in Computer Science, Information Systems, Information Technology, Cyber Security, or other relevant degree
• Experience with various information system security tools that address vulnerability analysis and mitigation. These may include Splunk, Forcepoint, Ivanti, Tenable, ACAS, HBSS, etc.
• Experience working with U.S. defense prime contractors
• Experience in the oversight and execution of the Assessment & Authorization processes (Certification & Accreditation), as defined in DAAG/JSIG/RMF/NIST
• Experience in the execution and management of Information System’s (IS) incident response.
• Experience in and execution of a continuous monitoring/improvement program
• Experience providing technical security expertise and oversight for complex, cross-domain, heterogeneous classified networked environments in collaboration with internal/external Customers, Information Technology (IT)
• Experience with any of the following: NISPOM, JAFAN 6/3, DCID 6/3, JSIG/RMF, and ICD-503, NIST or equivalent requirements to include technical computer/network system auditing
• Experience in professional engagements with internal and external customers

Responsibilities

• Complete all DCSA and R2S required training within 6 months of appointment (annual requirements thereafter).
• Accountability for all systems under site CAGE: metrics, eMASS, Continuous Monitoring (ConMon), and in-house system for unclassified system tracking
• Maintaining a working knowledge of all CIS functions, security policies, technical security safeguards, and operational security measures.
• Author and maintain security policies and procedures as required, to include conducting required training for the company.
• Interactions with DCSA SCA/ISSP to track items including, but not limited to, upcoming authorizations (ATO), new technologies solutions (i.e., new SIEM, OS, etc.), policy interpretations), and onsite A&A.
• Developing, maintaining, and updating, in coordination with all system stakeholders (CS Manager, ISO, DT, etc.), applicable site POAM(s) to identify system weaknesses, mitigating actions, resources, and timelines for corrective actions.
• Coordinating DCSA Security Reviews (SR) preparation activities for assigned CAGE in conjunction with site FSO/CS Manager.
• Collaborate with Digital Technology Lead for support to unclassified digital technology maintenance, administration, and security.
• Collaborate with the R2S FSO on maintaining a unified and coherent security architecture
• Collaborate with team members to ensure all budgetary and resource requirements are being appropriately planned for all activities