Manager, Cyber Intelligence

About the position

The Information Systems Security Manager (ISSM) is responsible for implementing and maintain the cybersecurity / information assurance program for the site. This includes writing and maintaining all Information System Security policies, standards, and directives to ensure authorization and accreditation of information systems processing U.S. Government classified information. This position requires hands-on experience developing and implementing National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) for federal information systems with a focus on classified systems that fall under the authority of Defense Counterintelligence and Security Agency (DCSA). The individual that fills this position will be required to be hand-on with the systems to include routine security auditing.

Responsibilities

• Establishes, documents, implements, and monitors the Information System (IS) Security Program and related procedures for the facility and ensures facility compliance with requirements for classified IS.
• Authors and maintains documentation supporting the Assessment & Authorization (A&A) of assigned systems in accordance with the Risk Management Framework (RMF) under NISPOM; performs security control assessments as part of the systems’ Continuous Monitoring Plans.
• Obtains/Maintains NISP Enterprise Mission Assurance Support Service (eMASS) access to effectively manage all security authorizations for systems under their purview.
• Oversees configuration management of assigned systems; works and collaborates with IT organization to develop device and system hardening guides following DISA and NIST guidelines; audits systems to ensure maintenance of security posture integrity.
• Conducts periodic hardware/software inventory assessments as stipulated and required by governing directives.
• Identifies system security controls shortcomings, develops POA&Ms, and works toward resolution.
• Serves as lead for remediating control deficiencies.
• Conducts, documents, and reports annual self-assessments.
• Maintains operational information security posture for systems, programs, or enclaves; investigates security incidents such as data spills, data integrity and malicious events; authors and delivers security education training to range of audience levels.
• Implements strategic goals established by leadership.
• Manager and supervisory responsibilities for assigned Information System Security Officers (ISSOs).
• Coordinates with Facility Security Officer (FSO) and Insider Threat Program Senior Official (ITPSO) to ensure insider threat awareness is addressed and inherent within accredited information system programs.
• Ensures the development, maintenance and compliance to facility procedures governing: Marking, handling, control, removal, transport, sanitization, re-use, and destruction of media and equipment containing or exposed to classified information.
• Proper implementation of vendor supplied authentication features or security-relevant features.

Requirements

• Bachelor’s degree from an accredited college with a minimum of 9 years relevant experience. Graduate degree from an accredited college with a minimum of 7 years of prior related experience.
• Top Secret clearance with the ability to obtain TS/SCI.
• IA certifications in accordance with DoD Directive 8570 IAT Level III and IAM Level III (CISSP).
• Meet advanced Information Systems Security Manager under DoD 8140 by having one of the following certifications: CIMS, CISSP, GCIA.
• Experience with managing systems accredited by the Defense Counterintelligence and Security Agency (DCSA).
• Prior experience as an ISSO on a federal government authorized classified information system.
• Solid time management skills.
• Exceptional verbal, written, interpersonal and presentation skills, customer relationship building skills, analytical skills and ability to lead/mentor teammates.
• High level of personal motivation and initiative to learn and acquire new skillsets.

Nice-to-haves

• Prior experience with JSIG/ICD Assessment & Authorization (A&A) process.
• Have prior experience using eMASS to update system security plans.
• Flexibility to adjust to changing requirements, schedules, and priorities.
• Able to socialize ideas, make recommendations, and gain team consensus.
• An Active CI polygraph.

Benefits

• Healthy and disability insurance
• 401 (k) match
• Flexible spending accounts
• EAP
• Education assistance
• Parental leave
• Paid time off
• Company-paid holidays