ZipRecruiter - Arlington, TX
posted 23 days ago
Full-time - Mid Level
Arlington, TX
About the position
The Information Systems Security Manager (ISSM) will lead the organization's information security program, focusing on developing security protocols, ensuring regulatory compliance, and fostering a culture of security awareness. This role involves engaging with cross-functional teams, managing incident response, and representing the organization with external stakeholders, including government agencies and vendors.
Responsibilities
- Develop and enhance the information security program, including policies, procedures, and best practices.
- Regularly assess and update security strategies to align with industry standards and regulatory requirements.
- Maintain compliance with security standards such as NIST, FISMA, and JSIG.
- Conduct audits and assessments to verify compliance and address any findings.
- Lead the implementation of access controls, data encryption, and other security measures.
- Collaborate with IT and other teams to integrate security into systems and processes.
- Oversee incident response efforts, investigating and coordinating the resolution of security incidents.
- Develop and regularly test an incident response plan to ensure team preparedness.
- Support technical teams with guidance on security solutions and emerging technologies.
- Conduct security risk assessments to identify vulnerabilities and develop risk mitigation plans.
- Maintain comprehensive documentation for RMF processes, including SOPs and security plans.
- Represent the organization in communications with government agencies, auditors, and vendors.
- Present security reports and updates to senior management and external partners as needed.
- Regularly evaluate the effectiveness of the security program and implement improvements as necessary.
Requirements
- Active TS/SCI clearance with eligibility for CI Poly.
- IAM Level III certification (e.g., GSLC, CISM, CISSP, CCISO) or ability to obtain within six months.
- Bachelor's degree in Computer Science, Information Systems Management, Engineering, or a related field; or 4 years of relevant work experience in place of a degree.
- 8+ years in cybersecurity or a related field, including leadership experience.
- 2+ years of cybersecurity experience within the DoD or Intelligence community.
- Strong understanding of cybersecurity principles, tools, and techniques.
- Security+ or equivalent (DoD 8570) certification if not already IAM Level III certified.
- Demonstrated leadership experience and a proactive approach to security.
Nice-to-haves
- Experience as a Cyber or Security Analyst or Security Control Assessor (SCA) for federal systems.
- Familiarity with Special Access Programs (SAPs) and Intelligence Community (IC).
- Understanding of the Joint Special Access Program Implementation Guide (JSIG).
- Adaptability in fast-paced environments and comfort with ambiguity.
- Knowledge of cloud security and agile methodologies.
- Strong self-management skills with emphasis on initiative and follow-through.
- Proven communication skills, both written and verbal.
- Ability to build trusted advisor relationships with clients.
