Information System Security Manager (ISSM)

About The Position

Requirements

• 14+ years of experience in Cybersecurity (ISSO, ISSE, ISSM) or related discipline.
• Minimum of five (5) years of experience in SAP, SCI, or Collateral Information Systems (IS).
• Knowledge of cyber tools such as SIEM, vulnerability detection, scripting languages, and/or programming languages.
• Understanding of cybersecurity needs of systems at various stages of the system development life cycle.
• Experience with A&A documentation and system authorization artifacts for SAP and SCI systems.
• Knowledge of federal security requirements and mandates (e.g., RMF, FIPS, NIST).
• Experience with Assured File Transfers (AFTs), IS sanitization and destruction procedures, incident response, and hardware/software configuration management.
• Excellent oral and written communication skills.
• Strong customer service skills and ability to work with personnel across multiple disciplines.
• Strong organizational skills and ability to manage multiple tasks concurrently.
• Ability to work well independently or as a team member.
• Working knowledge of cloud development tools such as GitLab, Artifactory, JIRA & SonarQube.

Responsibilities

• Maintain a repository of security documentation including Systems Security Plans and Information Assurance Standard Operating Procedures.
• Develop and implement a security assessment plan.
• Perform risk assessments and make recommendations to DoD agency customers.
• Advise government program managers on security testing methodologies and processes.
• Schedule, perform, and maintain records of required auditing, patching, maintenance, and scanning.
• Develop, review, endorse, and recommend action to the AO or AODR pertaining to system assessment documentation.
• Ensure approved procedures are in place for clearing, sanitizing, and destroying hardware and media.
• Maintain a repository for all system authorization documentation and modifications.
• Develop policies, procedures, and corrective measures for responding to and reporting security incidents and violations.
• Ensure proper protection or corrective measures are taken when an incident or vulnerability is discovered.
• Develop and conduct test procedures for verification Assessment and Authorization (A&A) and RMF safeguards.
• Employ customer-approved procedures for sanitizing and releasing system components and media.
• Maintain a repository of security authorizations for ISs under the program office's purview.
• Assess changes to an IS by performing periodic self-inspections, tests, and reviews.
• Ensure corrective actions are taken for identified findings and vulnerabilities.
• Maintain a working knowledge of IS functions, security policies, and operational security measures.
• Coordinate with the Program Security Officer and other representatives to define and maintain information security policies.
• Implement policies and procedures for responding to security incidents and for investigating and reporting security violations.
• Ensure the development and presentation of classified IS security education and training activities.

Benefits

• Starting PTO accrual of 20 days PTO/year + 10 holidays/year
• Flexible schedules
• 6% 401k match with immediate vesting
• Semi-annual bonus eligibility
• Company funded Employee Stock Ownership Plan (ESOP)
• Up to $10,000 in annual tuition reimbursement
• Life and disability insurance
• Optional zero deductible Blue Cross/Blue Shield health insurance plan