Information System Security Manager (TS/SCI & Expat to Guam Required)

Lockheed Martin•King of Prussia, PA

3d•Onsite

About The Position

PLEASE NOTE THIS POSITION REQUIRES THE CANDIDATE TO EXPATRIATE FULL TIME TO GUAM FOR 6-12 MONTHS WITH POSSIBILITY OF EXTENSION IN ADDITION, THE SELECTED CANDIDATE WILL BE REQUIRED TO ATTEND TRAINING IN KING OF PRUSSIA, PA UPON ONBOARDING. Who We Are: Lockheed Martin is a pioneer in cyber security—partnering, innovating, and building cutting edge solutions. Our talented employees tackle the world’s toughest engineering challenges every day, leveraging their unique skills and experiences to design and deliver breakthrough technology. We empower our people to think big, perform with excellence, and create extraordinary products. If you have the passion and courage to dream boldly, join our culture and help build a better tomorrow. We provide the resources, inspiration, and focus you need to succeed. The Work: Lockheed Martin’s Rotary & Mission Systems (RMS) division is seeking an experienced Information System Security Manager (ISSM) to protect mission critical OCONUS information systems. This role ensures confidentiality, integrity, and availability in line with DoD, NIST, and Lockheed Martin security policies, while providing day to day oversight across the system lifecycle. The ISSM is responsible for the oversight of the information system’s security posture. Emphasis is placed on the application and sustainment of the NIST security controls and ensures cyber security requirements are properly administered throughout the system. The ISSM serves as the principle advisor on all matters, technical and otherwise, related to the security of systems under their purview. Primary functions include development and maintenance of the body of evidence associated with the Risk Management Framework (RMF) process. Effective communication and an ability to work collaboratively as well as independently are key attributes needed to be successful in this role. Frequent interaction with internal and external stakeholders is required. The ISSM provides clear direction and assists program management with decision making relevant to the cyber security requirements defined on the contract. Frequent communication with the government Security Control Assessor (SCA) is required to ensure compliance is being met. Routine collaboration and consultation with the Classified Cyber Security Manager regarding the design, development, integration, and analysis of classified information systems is required. The ISSM is also a primary stakeholder and facilitator of the continuous monitoring efforts that promote RMF compliance throughout the organization.

Requirements

All candidates must possess a Final Top Secret Clearance w/SCI.
All candidates must possess a DoD 8570 IAM Level II certification or higher (e.g., CASP CE, CISM, CISSP, GSLC, or equivalent).
Demonstrated experience applying and documenting policy and system configurations that satisfy NIST 800-53 Security Control requirements across all Control Families.
Ability to interpret the requirements necessary for the effective implementation of Security Controls. Technologies include but are not limited to Windows, Linux, Virtualization, Network Infrastructure, etc.
Ability to develop and update relevant RMF artifacts such as the System Security Plan (SSP), Plan of Actions and Milestones (POA&M), Security Controls Traceability Matrix (SCTM), as well as the associated security policies and procedures.
Ability to perform continuous monitoring activities using Industry Standard tools such as Tenable Nessus, Security Center, Splunk, ELK, ePO, etc.
Experience leveraging Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs) and configuration standards to support system hardening.

Nice To Haves

Experience working with and interpreting Security Directives, Policies, Publications and Regulations (e.g. ICD 503, JSIG, and/or DCSA Assessment and Authorization Guide (DAAG)).
Experience using cybersecurity tools such as Nessus, Splunk, SCAP, HBSS, STIG Viewer to support compliance and monitoring activities
Previous experience supporting SAP / SCI environments as an ISSM / ISSO.

Responsibilities

Direct day to day security management for classified systems.
Perform day-to-day information system security operations including auditing the IS and reviewing hardware and software baselines.
Maintain and update System Security Plans (SSPs), Authorization Packages, and Continuous Monitoring Strategies.
Conduct formal risk assessments, vulnerability analyses, and impact assessments; prioritize remediation actions and track mitigation status.
Participate in internal/external security audits and inspections.
Lead the preparation of Authority to Operate (ATO) packages and support periodic re authorizations.
Partner with program managers, engineers, acquisition personnel, and internal/external auditors to embed security controls early in the design and development phases.
Assist in conducting investigations of computer security violations and incidents, reporting as necessary.
Facilitate internal and external audits, ensuring timely closure of findings and ongoing compliance with all applicable regulations.
Ensure configuration management (CM) and IS security documentation is maintained.
Assist the development and delivery of security awareness training.