Information Systems Security Manager (ISSM)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Engineering, or a related scientific or technical discipline (3 years of work experience in Cybersecurity may be considered in lieu of Bachelor’s degree).
• 10+ years of work experience in Information Assurance/Cybersecurity.
• Experience as an ISSO, ISSE, or ISSM for a complex system.
• Certified Information Systems Security Professional (CISSP) Certification or equivalent.
• Ability to translate cybersecurity related policies and guidance into system requirements.
• Experience with cybersecurity assessment and authorization processes such as the Risk Management Framework.
• Understanding of common vulnerabilities and associated risk mitigation strategies.
• Experience with cybersecurity policy and processes, architectures, testing and evaluation procedures, including Zero Trust.
• Articulate complicated security concepts in cross-functional planning, coordination and task execution across the spectrum of systems engineering and integration activities.
• With minimal oversight, be able to sort through complex issues, prioritize them accordingly, advocate for resources, and elevate to management as necessary.
• Effective interpersonal and team-building skills, to engage at both the engineer and management levels to build confidence and collaboration between team members.
• Strong written and verbal communications skills.
• Experience with COMSEC key management and familiarity with cryptographic equipment lifecycle management concepts.
• The ability to work in a secure, confined location (i.e., SCIF).
• Must have an active TS/SCI clearance to be considered for this position.

Nice To Haves

• DoD 8570.01-M IAT Level III approved cybersecurity baseline certification.
• Master’s degree in Cybersecurity, Engineering, or a related scientific or technical discipline.
• Computing Technology Industry Association Security + Certification.
• Understanding and experience in the acquisition life cycle for information systems.
• Experience in security control evaluation, testing, and assessment in complex system environments.
• Familiarity with security tools for implementing and assessing security compliance (e.g. SCAP, STIGS, ACAS).
• Experience deploying and maintaining a Security Information and Event Management system for a multiple operating system enterprise.

Responsibilities

• Maintain and enforce all cybersecurity policies, standards, and directives to ensure assessment and authorization of information systems processing classified information.
• Participate in IT architecture design reviews to assess and ensure compliance with cybersecurity requirements.
• Ensure cybersecurity principles are embedded in systems engineering efforts for ground and space systems in multiple classified computing domains.
• Integrate the Risk Management Framework throughout the system acquisition lifecycle.
• Create, review, and assess RMF related artifacts for acceptable implementation of cybersecurity principles.
• Develop, coordinate, and implement cybersecurity strategies.
• Evaluate and apply government cybersecurity (DoD, NIST, FIPS, and CNSS) policies and instructions as necessary.
• Conduct program and technical risk assessments to determine necessary cybersecurity protection measures.
• Monitor the evolving state of industry knowledge and application to information security best practices.
• Interface with other government organizations during security evaluation of engineering design solutions.
• Provide technical security evaluation support to the Security Control Assessor (SCA) during contractor assessment and authorization activities.
• Evaluate the continued effectiveness of implemented protection measures within the authorization boundary.
• Prepare, review, and present technical reports and briefings.
• Provide mentoring and technical leadership to the cybersecurity program team.

Benefits

• 401K plan with company match
• medical
• dental
• vision
• life insurance
• AD&D
• flexible spending account
• disability
• paid time off
• flexible work schedule
• professional training and development