Information Systems Security Manager (ISSM) – U.S. Navy Programs

About The Position

Requirements

• Bachelor of Science (BS) Degree in Computer Science, Information Technology (IT), Cybersecurity, or Engineering related field and a minimum of 3+ years of professional experience in Cybersecurity / IT.
• CompTIA Security+ certification required.
• Demonstrated experience with Risk Management Framework (RMF); experience within the DoD a plus.
• Experience using the eMASS system.
• Experience with vulnerability analysis tools such as Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS).
• Candidate must be a US Citizen and have an active DoD clearance, or the ability to obtain one.

Nice To Haves

• CISSP (or Associate), CASP+ CE, CCNP Security, CISA, GCED, or GCIH certification.
• Experience leading a team through a technical project.
• Proficiency in the use of Microsoft Office suite of applications.
• Basic Technical Writing ability.

Responsibilities

• Conducting risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs.
• Developing, updating, and/or reviewing system RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports (RARs).
• Providing solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge.
• Assessing system compliance against NIST, DoD, and Navy security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
• Coordinating with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories.
• Working with system administrators, engineers, and developers to update system/site policies, procedures, and process guides.
• Producing evidence as necessary to support compliance status of NIST, DoD, and Navy security requirements.
• Performing annual security reviews, annual testing of security controls, and annual testing of the contingency plan in line with FISMA requirements.
• Maintaining awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes.
• Attending and participating in regular A&A status meetings to facilitate progress and address potential issues of RMF system efforts.
• Actively participating in working group meetings to identify, plan, and execute strategies in response to emerging cybersecurity/RMF policies.
• Utilizing the Enterprise Mission Assurance Support Service (eMASS) system work-flow for all formal coordination during the RMF process.
• Reporting changes in the security posture of systems to the Authorizing Official.

Benefits

• health
• life
• disability
• financial
• retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs