Information Systems Security Manager - TS/SCI with Poly Required

GCI Careers•Chantilly, VA

About The Position

GCI embodies excellence, integrity and professionalism. The employees supporting our customers deliver unique, high-value mission solutions while effectively leverage the technological expertise of our valued workforce to meet critical mission requirements in the areas of Data Analytics and Software Development, Engineering, Targeting and Analysis, Operations, Training, and Cyber Operations. We maximize opportunities for success by building and maintaining trusted and reliable partnerships with our customers and industry. At GCI, we solve the hard problems. As an ISSM, a typical day will include the following duties: Work with technical team to design, develop, test, and implement new networks and network architecture using current technology, to include authorization and accreditation. Work with the technical team to complete requirements to obtain all required approvals and maintain compliance throughout the full lifecycle of the A&A process. Work with the customer and users to identify and develop system requirements taking into account the desired results, hardware limitations and operating requirements, identified by the Customer. Work with technical team to provide operational testing and recommendations for continuous improvement of equipment and software in support of customer's goals and objectives. Work with the technical team to coordinate across the customer's organization and business partners to expedite operational approvals. Analyze new technologies, hardware, and software to determine the applicability and need for the existing or proposed system, to include security, storage, and network technology. Ensure compliance with the customer's security requirements, incl. those related to data protection, access control, and incident response. Develop and assist with implementing security controls to protect customer systems and data, including firewalls, multi-factor authentication, and encryption. Work with the technical team to conduct internal risk assessments to identify potential security risks and develop mitigation strategies to address them. Prepare and maintain security documentation, incl. System Security Plans, Security Assessment Reports, and Plans of Action and Milestones. Coordinate with the customer's security team to ensure projects meet the Sponsor's security requirements and to address any security-related issues. Implement the customer's A&A process, including preparing and submitting required documentation and leading the team in A&A meetings and reviews. Ensure projects comply with relevant regulations and standards, including those related to data protection and cyber security, such as Defense Information Systems Agency Security Technical Implementation Guides (DISA, STIGs). Develop and maintain an incident response plan to respond to security incidents, including data breaches and system compromises. Conduct security testing and validation to ensure customer systems and data are secure, including vulnerability scanning and systems hardening. Maintain compliance with the customer's continuous monitoring requirements. Support technical exchange meetings on business and technical requirements.

Requirements

Demonstrated experience with designing and implementing secure communication solutions
Demonstrated experience with implementing infrastructure in public cloud
Demonstrated experience with the Intelligence Community Directive (ICD) 503 Assessment and Accreditation (A&A) process and acquiring necessary approvals to develop, implement and operate systems.
Demonstrated experience with the A&A processes and cyber security requirements as well as experience with coordinating with multiple entities or organizations to obtain necessary approvals to achieve and maintain Authority to Operate (ATO) status.
Demonstrated experience addressing and implementing system security
Demonstrated experience triaging and troubleshooting system
Demonstrated experience producing technical system
Demonstrated experience with designing and implementing cloud-hosted infrastructure for use with mobile and commercial applications.
Demonstrated experience in information
Demonstrated experience transferring, handling, and securing sensitive
Demonstrated experience developing system design
Demonstrated experience developing and briefing system designs to both technical and non-technical audiences to obtain operational and security approvals.
CompTIA Network+
CompTIA Security+
ISC2 Certified Information Systems Security Professional (CISSP)
A candidate must be a US Citizen and requires an active/current TS/SCI with Polygraph clearance.

Nice To Haves

Demonstrated experience with customer systems, architecture, and data.
Demonstrated experience providing coordination across customer's organization and business partners to expedite technology approval.
Demonstrated experience with the customer's A&A process and cyber security requirements as well as experience with coordinating across the customer organization to obtain necessary approvals to achieve and maintain Authority to Operate (ATO) status.
Demonstrated experience developing system design diagrams using customer provided tools.
EC-Council Ethical Hacker (CEH)

Responsibilities

Work with technical team to design, develop, test, and implement new networks and network architecture using current technology, to include authorization and accreditation.
Work with the technical team to complete requirements to obtain all required approvals and maintain compliance throughout the full lifecycle of the A&A process.
Work with the customer and users to identify and develop system requirements taking into account the desired results, hardware limitations and operating requirements, identified by the Customer.
Work with technical team to provide operational testing and recommendations for continuous improvement of equipment and software in support of customer's goals and objectives.
Work with the technical team to coordinate across the customer's organization and business partners to expedite operational approvals.
Analyze new technologies, hardware, and software to determine the applicability and need for the existing or proposed system, to include security, storage, and network technology.
Ensure compliance with the customer's security requirements, incl. those related to data protection, access control, and incident response.
Develop and assist with implementing security controls to protect customer systems and data, including firewalls, multi-factor authentication, and encryption.
Work with the technical team to conduct internal risk assessments to identify potential security risks and develop mitigation strategies to address them.
Prepare and maintain security documentation, incl. System Security Plans, Security Assessment Reports, and Plans of Action and Milestones.
Coordinate with the customer's security team to ensure projects meet the Sponsor's security requirements and to address any security-related issues.
Implement the customer's A&A process, including preparing and submitting required documentation and leading the team in A&A meetings and reviews.
Ensure projects comply with relevant regulations and standards, including those related to data protection and cyber security, such as Defense Information Systems Agency Security Technical Implementation Guides (DISA, STIGs).
Develop and maintain an incident response plan to respond to security incidents, including data breaches and system compromises.
Conduct security testing and validation to ensure customer systems and data are secure, including vulnerability scanning and systems hardening.
Maintain compliance with the customer's continuous monitoring requirements.
Support technical exchange meetings on business and technical requirements.