Information Systems Security Manager

About The Position

Requirements

• Bachelor's degree in an applicable field and at least five years of relevant experience
• Preferred Security+ (or equivalent) certified
• Ability to perform risk assessment and risk management for classified information systems
• Ability to obtain Security Clearance, for which the United States Government requires United States citizenship
• Strong written and verbal communication skills
• Ability to maintain organized and complete records
• Ability to prioritize competing demands and complete tasks on schedule
• 5+ years of progressive experience in information security
• Expertise in RMF and ATO processes
• Previous experience with classified information system security management and administration
• Proven ability to translate CMMC/NIST SP 800-171 requirements into documented, implementable procedures
• Experience maturing a cybersecurity program, including developing processes and documentation
• Strong background in defense contracts and classified information handling procedures.
• Experience implementing and assessing systems using DISA STIGs for Windows and Linux operating system
• Experience in implementing and monitoring technical, administrative, and operational security controls

Nice To Haves

• 3+ years of experience in assessing and documenting test or analysis data to show cybersecurity compliance to auditors
• Experience with Microsoft Intune, Azure, Active Directory, Group Policy, and System Administration
• Experience with submitting and managing accreditation packages to Enterprise Mission Assurance Support Service (eMASS)
• Use of automated vulnerability and compliance scanning tools such as Security Content Automation Protocol (SCAP), Compliance Checker (SCC), Security Technical Implementation Guides (STIGs), and Nessus
• Experience with SIPRNet installation, deployment, and management

Responsibilities

• Achieve and maintain Authorization to Operate for classified information systems
• Manages Risk Management Framework (RMF) process
• Leads and supports security assessments and audits
• Perform tasks to meet continuous monitoring requirements such as audit log reviews, security patching, and hardware/software configuration
• Lead the organization's CMMC compliance program, ensuring alignment and adherence to DoD cybersecurity standards (NIST SP 800-171, etc.)
• Develop, document, and guide the implementation of practical, actionable information security policies, procedures, and controls aligned with CMMC and NIST standards (SSP, POAM, etc.)
• Continuously assess, refine, and manage the implementation of security controls across the enterprise architecture, using security metrics to drive improvements
• Provide clear technical guidance to the IT team on the implementation and operation of security measures
• Evaluate and recommend emerging cybersecurity technologies and best practices relevant to our environment
• Support the Facility Security Officer in other security disciplines such as COMSEC, physical security, document control, Insider Threat, OPSEC, and visit requests
• Perform other duties as assigned

Benefits

• Comprehensive Leave plan (Paid Time Off)
• Comprehensive Health Care package including Medical, Vision, Dental, Health Savings Account (HSA), and more
• 401 (k) retirement plan
• Paid Overtime
• Flex Time and Flexible Scheduling
• Opportunities to travel
• Tuition Reimbursement options
• Casual and relaxed work environment