Information Systems Security Manager

About The Position

Requirements

• Experience with NIST 800-53, ICD 503, and RMF practices, Security Technical Implementation Guides (STIGs), computer networking, and an operating system
• Experience with the development of Assessment and Authorization (A&A) artifacts
• Experience assessing and documenting test or analysis data to show cybersecurity compliance and setting up auditing dashboards, and reviewing results in SPLUNK
• Experience conducting risk analysis, reviewing ACAS, CVEs, plugins, CWEs, research, collaborating with System Administrators to mitigate identified vulnerabilities or author Plans of Action and Milestones (PO&AM)
• Knowledge of National Industrial Security Program Operating Manual (NISPOM), Joint Special Access Program Implementation Guide (JSIG), Intelligence Community Directives (ICD) 503 and 703, the RMF process, and associated National Institute of Standards and Technology (NIST) publications
• Knowledge of DD 254 requirements from an information security perspective
• Ability to configure and run security scans with Tenable products
• TS/SCI clearance with a polygraph
• HS diploma or GED
• IAM Level III Certification, including CISSP, GSLC, or CISM Certification

Nice To Haves

• Experience as an ISSO, ISSM, Information Systems Security Engineer (ISSE), or Security Controls Assessor supporting classified programs
• Ability to operate independently without supervision
• Ability to identify, contain, investigate, and report data spills through preliminary written reports
• Ability to coordinate the containment and device sanitization with staff at the affected locations
• Ability to provide an assessment and mitigation strategy addressing the data spill in the approved response plan
• Possession of excellent organizational skills
• Possession of excellent verbal and written communication skills
• Bachelor's degree
• CCNA, Red Hat, or Windows Certification

Responsibilities

• Serve as a Lead Information Systems Security Manager (ISSM) responsible for the Risk Management Framework (RMF) authorization of assigned Information Systems (IS)
• Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures as outlined in the security plan
• Conduct periodic assessments of authorized systems and ensure corrective actions for all identified findings and vulnerabilities are addressed in a timely manner
• Assume responsibility for all RMF continuous monitoring activities for authorized systems, including periodic analysis of collected audit records and the system vulnerability management cycle
• Monitor system incident recovery processes to ensure security features and procedures are properly restored and functioning correctly
• Ensure user activity monitoring data is analyzed, stored, and protected in accordance with our program policies and procedures, and execute a strong continuous monitoring strategy

Benefits

• health
• life
• disability
• financial
• retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs
• dependent care
• recognition awards program