Information Systems Security Manager

About The Position

Requirements

• Thorough understanding of the NISPOM chapter 8 requirements.
• Experience developing Information Systems security plans, policy, and procedures.
• Experience configuring laptops/desktops/servers, install applications, setup network infrastructure and troubleshoot as required.
• Have a strong understanding of computer operating systems (Windows and Linux), software and computer hardware.
• Experience with Windows account administration, group policy administration, and directory permissions.
• Experience with Windows Active Directory, Domain Controllers, Certificate Authority, DNS, DHCP, and Windows Update Services.
• Experience maintaining and auditing Cisco ISE, switches, routers, and firewall.
• Experience maintaining and auditing Palo Alto Intrusion Detection System.
• Experience with security event and Incident management utilizing Splunk.
• Experience with vulnerability management utilizing Tenable Nexus.
• Experience establishing and maintaining SIPRNet connectivity.
• Information Systems Security knowledge in system auditing.
• Lead Defense Counterintelligence and Security Agency (DCSA) Security Vulnerability Assessments (SVA), Command Cyber Readiness Inspections (CCRI) and Other Government Agency (OGA) inspections.
• Knowledge of the DoD Risk Assessment Methodology (DRAM).
• Experience with Plan of Actions and Milestones (POA&M) tracking.
• Experience with a Risk Management Framework (RMF) accreditation processes.
• Experience working in complex environments with a high degree of organizational effectiveness.
• Ability to work independently and with a team in a fast-paced environment.
• Excellent communication skills with a proven ability to effectively interact with all levels of employees, contractors, and customers.
• Bachelor’s degree in applicable field of Information Technology study including Computer Science or a related field, or equivalent knowledge.
• Five years of related experience in an information systems security environment.
• Ability to work at a computer for extended periods of time.
• U.S. Citizenship.
• Active DoD Top Secret/DOE Q clearance.
• Possess a DoD 8570 IAM level III baseline certification (CISM, CISSP or other).

Responsibilities

• Develops and administers information security procedures for information systems in support of government agencies in the performance of classified programs and projects.
• Develops and executes an IT program detailed security policies, plans, and procedures that exceeds customer expectations and minimizes security risks.
• Serves as management official and point-of-contact for all information system issues involving sensitive and classified information.
• Manages security controls to ensure confidentiality, integrity, and availability of information and information systems; builds security into the development process and defines security specifications to support the acquisition of new systems, reviews all secure systems procurements to ensure that security has been considered and included.
• Provides strategic guidance and advice on secure meetings and state-of-the-art conference room technologies.
• Serves as liaison with program staff and other customers and can respond to short-notice tasks and provides security engineering and integration services to staff and other customers.
• Investigates information system security violations and prepares reports specifying corrective actions for the current situation and preventative actions to be taken in the future.
• Proactively coordinates the establishment of system security controls to protect sensitive government and institution information using authentication techniques, encryption, firewalls, and access controls.
• Maintain systems in accordance with the security plan and Authorization to Operate (ATO).
• Audits, monitors, and performs self-inspections of applications, systems, and security logs for security threats, vulnerabilities, and suspicious activities.
• Implement measures to protect data from physical destruction or theft.
• Ensure that back-up procedures are in place for data recovery.
• Conducts risk assessments of all systems and mitigates vulnerabilities wherever feasible.
• Develops and implements information system security training, education, and awareness programs for all system users.
• Interacts with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with Chapter 8 of NISPOM and other regulations.
• Ensures compliance with the National Industrial Security Program Operating Manual (NISPOM), DCSA Assessment and Authorization Process Manual (DAAPM), Department of Defense (DoD) regulations, Intelligence Community Directives (ICDs) and Security Technical Implementation Guides (STIGs).
• Prepares documentation, including Information Security Plans, outlining regulations, and establishing information security policy.
• Ensures all users have the requisite security clearances, authorization, and Need-to-Know (NTK).
• Complete required ISSM training within 6 months of hire.
• Maintains appropriate standard of confidentiality.
• When handling secure, privileged, sensitive, or confidential information and matters, maintains strict confidence and exercises care to prevent disclosure to others.
• Accesses confidential information for work-related reasons only, following the policies and procedures of the organization.
• Ensures that any privileged, sensitive, or confidential information is securely stored, disposed of, and transmitted according to the Institutional guidance.