Cybersecurity - Senior Information System Security Manager (ISSM)

About The Position

Requirements

• Successfully completed Tier 5 Investigation (T5), formerly known as a Single Scope Background Investigation (SSBI) by the federal government within the last 5 years, or requires candidate to have been enrolled in a Continuous Vetting program within the last 5 years
• Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
• 10+ years of combined experience and education in IT, cybersecurity, or related fields
• 5+ years of experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
• 5+ years of experience with cybersecurity leadership overseeing programs and teams, authorizing risk decisions, coordinating stakeholders, and improving security and compliance
• 5+ years of experience communicating complex technical risks, translating impact, and advising senior leaders
• Experience with Risk Management Framework (RMF) and with cybersecurity policies and RMF implementation (e.g., DAAG, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series)
• U.S. Person as defined by 22 C.F.R. §120.62 is required.
• Active U.S. Top Secret Security Clearance (U.S. Citizenship Required). (A U.S. Security Clearance that has been active in the past 24 months is considered active)

Nice To Haves

• 10+ years of experience as an information system security officer (ISSO) or information system security manager (ISSM) supporting classified programs
• 10+ years of experience utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS
• 10+ years of experience cybersecurity leadership overseeing programs and teams, authorizing risk decisions, coordinating stakeholders, and improving security and compliance.
• 10+ years of experience communicating complex technical risks, translating impact, and advising senior leaders.

Responsibilities

• Oversee the development and deployment of program information security for all program systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures (multiple locations)
• Manage assigned team to facilitate effective execution of Risk Management Framework (RMF) through organization and execution of the Responsible, Accountable, Consulted and Informed model and other methods
• Provide assignment, guidance and coaching to support the team within Information Security
• Communicate with security assessors and program office personnel to ensure requirements are tracked and followed
• Manage and perform security compliance continuous monitoring
• Oversee and participate in security assessments and audits
• Prepare, review, and present technical reports and briefings
• Identify root causes, prioritize threats and recommend and/or implement corrective action
• Explore the enterprise and industry for evolving state of industry knowledge and methods regarding information security best practices and cloud methodologies
• Lead development of enterprise-wide information security policies, standards, guidelines and procedures that may reach across multiple stakeholder organizations

Benefits

• health insurance
• flexible spending accounts
• health savings accounts
• retirement savings plans
• life and disability insurance programs
• paid and unpaid time away from work