AppleOne - Union Park, FL
posted 24 days ago
Full-time - Mid Level
Union Park, FL
Administrative and Support Services
About the position
The Information Systems Security Manager (ISSM) is responsible for guiding information systems through the DoD's Risk Management Framework Assess and Authorize (RMF A&A) process. This role involves collaboration with project and software engineers to ensure the security certification and reliability of systems while adhering to relevant laws, regulations, and internal policies to minimize potential risks.
Responsibilities
- Develop and deliver comprehensive Body of Evidence (BoE) artifacts including system security plans, implementation plans, risk assessments, and authorization boundary diagrams.
- Collaborate with automated RMF tools such as eMASS and APMS, following FISMA, DoD Instruction 8500.01, NIST SP 800-53, and CNSSI 1253 guidelines.
- Engage with leaders from DoD Cybersecurity and Government SME representatives.
- Integrate with Security Requirements Guide (SRG) and Security Technical Implementation Guides (STIG) development teams.
- Ensure compliance with DoD Cybersecurity policy requirements outlined in DoDI 8500.01 and DoDI 8510.01.
- Provide monthly status reports and track the execution of RMF, including compliance with authorizations and security control assessments.
- Identify risk areas through implementation shortfalls and develop plans to recommend policy updates.
- Participate in working groups and forums to gather information for RMF and continuous monitoring support.
- Provide guidance on addressing risks from a mission and business process perspective.
Requirements
- 5 or more years of work experience in similar DoD environments.
- Bachelor's degree in computer science, Programming, Cybersecurity, or related field.
- DoDM 8570.0 IAT Level II Certification (CompTIA) Security+.
- ISC2 Certified Information Systems Security Professional (CISSP) or equivalent certification is a plus.
- Experience with DoD system toolsets such as ACAS (Tenable Nessus).
- Experience obtaining an Interim Authority to Test (IATT) or Authority to Operate (ATO).
- Familiarity with RMF A&A process and developing Body of Evidence (BoE) artifacts.
- Extensive experience using eMASS including data input, validation, and security plan workflows.
Nice-to-haves
- Prior experience obtaining full system authorization through eMASS.
- Prior experience with NAVAIR/NAWCTSD projects.
- Prior service in a branch of the U.S. Military is a plus.
- Prior experience supporting Army and DoD RMF processes.
Benefits
- Major medical, dental, vision insurance.
- 401k plan.
- Statutory sick pay where required.
