This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
System High Corporation - Hill Air Force Base, UT
posted 2 months ago
Full-time - Mid Level
Hill Air Force Base, UT
Professional, Scientific, and Technical Services
About the position
The Information Systems Security Manager II (ISSM II) at System High Corporation is responsible for overseeing the security of information systems, particularly within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies. This role involves advising on security policies, conducting risk assessments, and ensuring compliance with security protocols to protect sensitive information and operations.
Responsibilities
- Perform oversight of the development, implementation, and evaluation of information system security program policy.
- Develop and oversee operational information systems security implementation policy and guidelines based on the Risk Management Framework (RMF).
- Advise customers on RMF assessment and authorization issues.
- Perform risk assessments and make recommendations to DoD agency customers.
- Advise government program managers on security testing methodologies and processes.
- Evaluate authorization documentation and provide written recommendations for authorization to government PMs.
- Develop and maintain a formal Information Systems Security Program.
- Ensure that all IAOs, network administrators, and other cybersecurity personnel receive necessary technical and security training.
- Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation.
- Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media.
- Develop and execute security assessment plans that include verification of required protection levels.
- Maintain a repository for all system authorization documentation and modifications.
- Develop policies and procedures for responding to security incidents, including investigating and reporting violations.
- Ensure proper protection or corrective measures are taken when an incident or vulnerability is discovered.
- Establish data ownership and responsibilities for each authorization boundary, including accountability and access rights.
- Ensure development and implementation of an information security education, training, and awareness program.
- Evaluate threats and vulnerabilities to ascertain additional safeguards needed.
- Assess changes in the system, its environment, and operational needs that could affect authorization.
- Ensure valid Authorization determination for all authorization boundaries under purview.
- Review AIS assessment plans.
- Coordinate with PSO or cognizant security official on approval of external information systems.
Requirements
- Experience in information systems security management, particularly within DoD environments.
- Strong understanding of Risk Management Framework (RMF) and Joint Special Access Program Implementation Guide (JSIG).
- Proven ability to conduct risk assessments and provide security recommendations.
- Experience in developing and implementing information security policies and procedures.
- Ability to advise on security testing methodologies and processes.
Nice-to-haves
- Certifications such as CISSP, CISM, or similar security credentials.
- Experience with Special Access Programs (SAPs) and Sensitive Compartmented Information (SCI).
- Familiarity with security incident response and investigation processes.
Benefits
- Health insurance coverage
- 401k retirement savings plan
- Paid holidays
- Professional development opportunities
