Information Systems Security Manager (ISSM) II

About The Position

Requirements

• 7 years related experience as an ISSO or ISSM required with 9 years' desired.
• 2 Years SAP Experience required (Clearly place number of SAP experience years at the beginning of the resume)
• Prior performance in roles such as ISSO or ISSM
• Master’s degree or equivalent experience (6 years)
• Must have expert knowledge of DoD, National and applicable service and agency security policy, manuals and standards.
• Must be able to regularly lift up to 50
• Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 3 or Information Assurance Manager Level 3
• Current Top Secret Clearance with SCI Eligibility
• Prior experience for access to Special Access Program Information
• Willingness to submit to a Counterintelligence polygraph

Responsibilities

• Perform oversight of the development, implementation and evaluation of information system security program policy; special emphasis placed upon integration of existing SAP network infrastructures
• Develop and oversee operational information systems security implementation policy and guidelines of network security, based upon the Risk Management Framework (RMF) utilizing the Joint Special Access Program Implementation Guide (JSIG)
• Advise customer on Risk Management Framework (RMF) assessment and authorization issues
• Perform risk assessments and make recommendations to DoD agency customers
• Advise government program managers on security testing methodologies and processes
• Evaluate authorization documentation and provide written recommendations for authorization to government PMs
• Develop and maintain a formal Information Systems Security Program
• Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties
• Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation
• Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
• Develop and execute security assessment plans that include verification that the features and assurances required for each protection level functioning
• Maintain a and/or applicable repository for all system authorization documentation and modifications
• Institute and implement a Configuration Control Board (CCB) charter
• Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents
• Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system
• Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements
• Periodically review system security to accommodate changes to policy or technology
• Coordinate all technical security issues outside of area of expertise or responsibility with ISSE
• Provide expert research and analysis in support of expanding programs and area of responsibility as it pertains to cyber security and information technologies activities