Information System Security Manager - (TS/SCI Required)

About The Position

Requirements

• Bachelor's degree or equivalent additional years of experience.
• 6+ years as an Information System Security Officer (ISSO) in a DoD, IC, or other industrial security program and in-depth understanding of DoD 8500 series, NIST 800 series, and ICD 503, Joint Special Access Program Implementation Guide (JSIG) and overall understanding of DoD Risk Manage Framework (RMF) process.
• Experience working with vulnerability and compliance scanning tools. (Nessus, SCAP, Splunk, ACAS, STIG Viewer).
• Familiarity with network technologies (LAN & WAN) and best practices within a classified environment to include crypto and key management.
• Working knowledge with Microsoft Windows operating systems (workstation & server), Linux, and system virtualization in a secure network environment.
• Strong written communication and organizational skills
• Interpersonal skills to deal courteously and effectively with a diverse group of individuals.
• Ability to work well under pressure and possess advanced problem-solving skills.
• Possess a current DoD 8570.1/DoD 8140.01 Certification – Security+ CE a minimum.
• Active Top Secret Security Clearance with SCI eligibility.
• Ability to travel up to 10%.

Nice To Haves

• 2+ years as an Information System Security Manager (ISSM) supporting SAP/SCI environments.
• Experience communicating directly with the government Security Control Assessor (SCA) to attain authorizations and approvals to support business operations and ensure compliance.
• Experience establishing new programs; interpreting customer requirements and controls, understanding engineering technologies, customizing policies, and developing the SSP and required artifacts to attain and support long-term compliance.

Responsibilities

• Work independently as well as with a team of Information Assurance Professionals.
• Responsible for ensuring Information System Compliance with the potential to span multiple business areas or programs.
• Assess, document, and recommend controls based on a thorough understanding of RMF, NISPOM and other NISP regulatory requirements, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM).
• Document compliance actions within the approved automated compliance tracking system or develop a Plan of Actions and Milestones (POA&M) to address non-compliance.
• Participate in internal/external security audits/inspections; perform risk assessments and continuous monitoring.
• Ensure systems are operated, maintained, and disposed of in accordance with the governing authority approved authorization package and customer directives.
• Develop procedures and documentation to ensure compliance with Configuration Management (CM) for security relevant IS software, hardware, and firmware.
• Ensure proper protection and / or corrective measures have been taken when an incident or vulnerability has been discovered. Follows-up to ensure completion and quality resolution.
• Assesses and revises policies and procedures as needed to improve quality, timeliness, and efficiency of work.