Senior Information System Security Manager (ISSM)

About The Position

Requirements

• Current active Top Secret clearance with SCI eligibility
• FEMA EOD suitability or Current DHS or FEMA EOD preferred
• BS/BA + 15 years of applicable experience (or equivalent)
• Experience managing a team of 10+ individuals
• Must have one of the following Information Assurance Management (IAT) Level III qualifications: Certified Information System Security Professional (CISSP) Certified Information Security Manager (CISM)
• At least five years of experience working with FISMA
• Demonstrated expertise in SELC, Information Security processes, audits, tools, implementation, FISMA, NIST, IT security
• Knowledge of information security best practices, Enterprise Architecture, DHS experience
• Experience with CSAM, Regscale, or similar tools.

Nice To Haves

• Previous DHS or DoD experience

Responsibilities

• Manage staff of 10 engineers including timecard and performance management.
• Prepare all reports and required deliverables, attend client and staff meetings.
• Train staff in new technologies, current tools, and FISMA, DHS 4300, NIST and FIPS requirements.
• Oversee execution of the NIST Risk Management Framework (RMF) for assigned systems (categorize, select, implement, assess, authorize, and monitor controls), ensuring artifacts and activities for each RMF step are planned, documented, and kept current.
• Manage FISMA boundary specific workload prioritization, and work quality reviews for ISSOs and other cybersecurity personnel.
• Serve as the Information System Security Manager (ISSM) in accordance with DHS 4300 Series and NIST RMF, providing overall management of the information system security program for assigned systems.
• Ensure alignment with NIST and DHS standards.
• Coordinate with the Authorizing Official (AO), AO Designated Representative, System Owner, and Component CISO staff to communicate system risk posture, significant findings, and risk acceptance decisions.
• Prepare and/or approve all reports and required deliverables and represent the security program in client and staff meetings.
• Follow the Information Systems Security Manager (ISSM) / Information System Security Officer (ISSO) Guides when developing, updating, reviewing, or approving required security artifacts.
• Participate in or chair configuration/change control boards (CCBs) for assigned systems, ensuring security impact analysis is performed and documented for proposed changes prior to implementation.
• Ensure proper access controls are implemented and periodically reviewed for both system access and physical access to data processing facilities, consistent with NIST and DHS 4300 requirements.
• Oversee the creation, update, review, and readiness of system Authority to Operate (ATO) packages, and coordinate with the Authorizing Official (AO) and other stakeholders as required.
• Provide information security expertise and risk guidance to system development and operations teams throughout the System Engineering Lifecycle process, including participation in change control processes.
• Ensure Plan of Action & Milestone (POA&M) reports are maintained that security vulnerabilities are tracked and reported, and that remediation activities are planned, prioritized, and validated so support closure.
• Track and recommend technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attack, damage, or unauthorized access, and ensure alignment with DHS and NIST guidance.
• Oversee network device and information security incident, damage, and threat assessment programs, ensuring procedures are documented, tested, and consistently applied.
• Direct and coordinate investigations of network device and information security incidents to determine extent of compromise to national security information and automated information systems and ensure timely reporting to appropriate authorities.
• Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and network and device security and encryption, and guiding staff in their adoption where appropriate.
• Design, develop, or recommend integrated system solutions ensuring proprietary/confidential data and systems are protected in accordance with mandated standards.
• Oversee the configuration and validation of secure systems; review testing of security products/systems to detect computer and information security weaknesses; and ensure that identified risks are documented and addressed.
• Review, approve, and maintain in the system of record security architecture documentation; provide critical written and verbal analyses of security architecture documentation and vulnerability and risk assessments.
• Oversee the design and implementation of plans of action and milestones to remediate findings from vulnerability and risk assessments and track progress through closure.
• Provide information assurance for digital information, ensuring its confidentiality, integrity, and availability across assigned systems and environments.
• Lead and oversee authorization to operate IT systems at acceptable levels of risk; manage continuous monitoring activities; oversee vulnerability assessments and monitoring for indicia of compromise; coordinate incident response and remediation; and contribute to the development and maintenance of security policies, user security awareness and training materials, and compliance with applicable government and external standards.
• Ensure the timely recruitment and training of staff
• Conduct performance evaluations of staff
• Supervise, motivate, develop and direct staff in successful execution of assigned task areas

Benefits

• flexible time off
• robust learning resources
• competitive compensation
• benefits and learning and development opportunities
• comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.