Information System Security Manager (ISSM) NF5

About The Position

Requirements

• Bachelors' Degree in Information Technology or Business related field appropriate to the work of position AND seven years of experience performing specific tasks for Information System Security Manager (ISSM), security assessments, vulnerability management, or cybersecurity (CY).
• Knowledge of risk management processes, secure configuration management techniques, Government laws and policies, cyber threats and vulnerabilities, encryption algorithms, host/network access control mechanisms, vulnerability information dissemination sources, Payment Card Industry (PCI) data security standards, Personally Identifiable Information (PII) data security standards, incident response and handling methodologies, intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Skill in applying security controls, analyzing traffic to identify network devices, conducting application vulnerability assessments, assessing security systems designs, interpreting vulnerability scanner results to identify vulnerabilities, assessing cloud security measures and microservices, preparing Test & Evaluation reports, and running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGS) based tools for benchmark, compliance checks, and security configuration reviews.
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data, apply cybersecurity and privacy principles to organizational requirements, conduct vulnerability scans and recognize vulnerabilities in security systems, and translate data and test results into evaluative conclusions.
• Must fulfill the requirement to complete DoD Workforce Improvement Program certification (DoD 8140.01) as a condition of access within six months of employment.
• Must be able to obtain and maintain an Access National Agency Check and Inquiries (ANACI/ Tier 3) Secret Clearance to access classified information.

Responsibilities

• Serve as an advocate for all disciplines within the security program including the development and subsequent enforcement of the organization’s security awareness programs, business continuity and disaster recovery plans, and all industry and governmental compliance issues.
• Promotes IT security awareness to the user community by validating the user community is completing annual security training.
• Oversees and maintains regulatory requirements and completes periodic reviews for security implications and security applications.
• Works closely with and receives reports from Information Systems Security Manager(s), Information Systems Security Officers (ISSO)s, and Information System Security Engineer(s).
• Performs security compliance efforts IAW the Payment Card Industry (PCI), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology Special Publication (NIST SP) 800 series, Federal Information Processing Standards (FIPS) series, and USMC related policies and procedures.
• Conducts assessments of threats and vulnerabilities, determine deviations from acceptable configurations and enterprise or local policies, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in all situations.
• Coordinates with all departments within the Marine Corps Community Services (MCCS) and higher Marine Corps to support cybersecurity awareness initiatives.

Benefits

• Stability of Federal Civilian Service
• People with passion for doing work that matters
• Quality of Work Life Balance
• Competitive Pay
• Comprehensive Benefit Packages
• Marine Corps Exchange and Base Facility Privileges