Information Systems Security Manager (ISSM) III

About The Position

Requirements

• 2+ years of related experience in Information Security.
• Current Top-Secret Clearance with SCI Eligibility.
• Expert knowledge of DoD, National, and applicable service and agency security policies.
• Bachelor's degree or equivalent experience (4 years).
• Must meet certification requirements outlined in DoD Directive 8570.01-M for IAT Lvl II or IAM Lvl II within 6 months of hire.

Nice To Haves

• 10+ years related experience preferred.
• Some SAP experience required.

Responsibilities

• Lead and maintain productive relationships with DoD agency managers and senior leadership.
• Participate in strategic planning and implementation of the Cyber Security Program.
• Provide expert input to cyber security policy formulation based on the Risk Management Framework (RMF).
• Advise customers on RMF assessment and authorization issues.
• Develop and implement a security assessment plan.
• Perform risk assessments and make recommendations to DoD agency customers.
• Advise government program managers on security testing methodologies and processes.
• Evaluate authorization documentation and provide written recommendations for authorization.
• Develop and maintain a formal Information Systems Security Program.
• Ensure necessary training for IAOs, network administrators, and cyber security personnel.
• Develop, review, and recommend actions on system assessment documentation.
• Ensure approved procedures for clearing, sanitizing, and destroying hardware and media are in place.
• Develop and execute security assessment plans for protection levels.
• Institute and implement a Configuration Control Board (CCB) charter.
• Maintain a repository for all system authorization documentation and modifications.
• Develop policies for responding to security incidents and investigating violations.
• Ensure proper protection measures are taken for discovered vulnerabilities.
• Establish data ownership and responsibilities for each authorization boundary.
• Develop and implement an information security education and training program.
• Evaluate threats and vulnerabilities to ascertain additional safeguards needed.
• Assess changes in the system that could affect authorization.
• Coordinate with PSO on approval of external information systems.
• Conduct periodic assessments of the security posture of authorization boundaries.
• Ensure configuration management for security-relevant changes is documented.
• Conduct periodic testing to evaluate the security posture of IS.
• Ensure system recovery processes are developed and monitored.
• Ensure all authorization documentation is current and accessible.
• Establish a self-inspection program within the organization.
• Periodically review system security to accommodate policy or technology changes.
• Coordinate technical security issues with ISSE.
• Provide expert research and analysis for expanding programs in cyber security.

Benefits

• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team for career support
• Professional growth opportunities including paid education and certifications
• Extra paid vacation and holidays