Information Systems Security Manager

University of Oklahoma, Norman, OK

About The Position

The Information System Security Manager (ISSM) will plan, program, budget, implement, manage, and oversee circuit management, classified information systems, networking equipment, encryption equipment, Communications Security (COMSEC), and all aspects of a secure Information Technology environment. The ISSM will be responsible for developing all supporting documents, policies, and checklists to establish required capabilities and sustain classified or regulated information systems. This position will work closely with the Defense Counterintelligence and Security Agency (DCSA) and federal authorities to ensure compliance for OU Classified Research IT capabilities.

Requirements

  • Bachelor's degree in Information Systems, Computer Science, other related field or specialized training required
  • 24 months of experience working as an Information Systems Security Manager or Information Systems Security Officer and familiarity with the DCSA Enterprise Mission Assurance Support Service (eMASS).
  • Experience working with the DCSA Assessment and Authorization Process Manual, NIST Risk Management Framework, and NIST 800-53
  • Must be an effective communicator highly proficient in both oral presentation and written communication.
  • Must possess a TOP SECRET Department of Defense Security Clearance or ability to obtain.
  • In accordance with DoD 8570.01M and the DAAPM, the selected individual must have an IAM/T Level III Baseline Certification or attain one within 6 months of any of the following conditions: USG-identified requirement, research contractual requirement, or after being directed by the FSO.
  • Must be able to engage in repetitive motions and communicate effectively.
  • Frequent exposure to pressure caused by deadlines and busy periods; ability to communicate, including expressing oneself or exchanging information with others; ability to use a computer daily.

Nice To Haves

  • Experience in professional engagements with internal and external customers (i.e. AOs, DAOs, SCAs, Program Managers, etc.), to include negotiating controls and requirements with Government Contracting Activities.
  • Must have 12 months or more experience in SAP environment within the last five years.
  • Experience providing technical security expertise and oversight for complex, cross-domain, diverse classified networked environments in collaboration with internal/external Customers and Information Technology (IT)
  • Prior experience working with the Federal Government (DOD, DHS, IC or DOE) or working with industry or academic research environments.
  • Counterintelligence training and risk management program development.
  • Experience with Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), and knowledge of Information Assurance Vulnerability Alerts (IAVAs).

Responsibilities

  • Responsible for overseeing and implementing the Cybersecurity Program in accordance with the National Industrial Security Program Operating Manual (NISPOM), DCSA Assessment and Authorization Guide (DAAG), DoD Special Access Program (SAP) Security Manuals, Risk Management Framework (RMF), Intelligence Community Directive (ICD-503), Joint Special Access Program (SAP) Implementation Guide (JSIG), Defense Counterintelligence and Security Agency (DCSA), National Institute of Standards and Technology (NIST), along with any additional customer directives and company policies as applicable.
  • Obtain and maintain government Authority to Operate (ATO) by ensuring compliance with governing standards and frameworks, including NIST Risk Management Framework (RMF), NIST SP 800-53, ICD 503/705, CNSSI 1253, CMMC, NIST 800-171, and DISA STIGs.
  • Provide direction on near-term priorities while supporting ongoing longer-term objectives and career development.
  • Maintain and organize group approaches, best practices, implementation and sustainment plans.
  • Build productive relationships with customer leads and mission partners.
  • Perform a mixture of ISSM/ISSO roles for multiple classified systems, ensuring compliance with DoD and federal cybersecurity standards and frameworks.
  • Prepare and maintain security documentation including ATO packages, System Security Plans (SSP), Risk Assessments, and POA&Ms.
  • Collaborate with internal and external teams to maintain necessary security postures.
  • Collaborate with administrators and engineers to resolve technical issues while maintaining compliance.
  • Developing, maintaining, and overseeing the system security program and policies for OU classified research and controlled unclassified research.
  • Ensuring compliance with current cyber security policies, concepts, and measures when designing, procuring, adopting, and developing new systems.
  • Ensuring the fulfillment of IO data requirements including incident response, collection, dissemination, and disposal.
  • Developing and implementing an effective system security education, training, and awareness program.
  • Maintaining a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
  • Assess and remediate vulnerabilities and mitigate risks using the SCAP Tool and POA&M Template in accordance with the National Industrial Security Program (NISP) and other contract-driven customer requirements.
  • Conduct Self-Inspections, Vulnerability Assessments, and System Auditing.
  • Perform duties as the COMSEC Responsible Officer (CRO) for Cryptographic materials and COMSEC Controlled Equipment as required.
  • Utilize the NISPOM as well as the DCSA Assessment and Authorization Process Manual (DAAPM) 2.2 to ensure compliance with Information System Security requirements.
  • Conduct other responsibilities as specified in the DAAPM and other federal regulations, policies, and guidance as required.
  • Other duties as assigned.