Information Systems Security Manager

About The Position

Requirements

• 5+ years of experience with NIST RMF policies, including continuous monitoring and information system security policies, standards, and procedures
• 3+ years of experience supporting system ATO processes and creating artifacts, control implementation details, and POA&Ms
• Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk, and Compliance (GRC) security documentation tool, RMF, and security compliance processes
• Knowledge of the DoD RMF process
• Knowledge of DoD A&A processes and standards
• Ability to travel up to 25% of the time
• Secret clearance
• HS diploma or GED
• Security+ Certification
• Certified Information Security Manager (CISM), Certified Information System Security Professional (CISSP) or Associate, or GRC Certification

Nice To Haves

• Experience with the Enterprise Mission Assurance Support Service (eMASS), Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP), Assured Compliance Assessment Solution (ACAS), Ports, Protocols, and Services Matrix, Vulnerability Remediation Asset Manager (VRAM), and Host-Based Security System
• Experience using Microsoft Office products, including Word, Excel, PowerPoint, and Visio
• Experience managing the authorization status of DoD RMF from step 1 through step 6
• Ability to interface with senior leadership
• Ability to prioritize and react to changing requirements with a sense of urgency to meet deliverables on time
• Ability to manage and prioritize work independently
• Ability to juggle multiple tasks, tight deadlines, and changing priorities
• Possession of excellent verbal and written communication skills

Responsibilities

• Provide guidance in the modification and review of existing ATO documentation
• Proactively provide insight into the documentation packets for ATO
• Communicate risks with the internal team and client
• Integrate information assurance solutions within architecture, system, or system components
• Participate in information systems (IS) risk assessments
• Participate in continuous monitoring
• Design of security mitigation or remediation solutions for identified risks
• Ensure the architecture and design of Army IS is functional and secure
• Use expertise and judgment to plan and accomplish security-related goals
• Support system or network designs that encompass multiple data centers or networks, including those with differing data protection and classification requirements

Benefits

• health, life, disability, financial, and retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs
• dependent care
• recognition awards program