Information Systems Security Manager (ISSM) II
$105,060 - $142,140/Yr
GD Information Technology, Inc. - Ogden, UT
posted about 2 months ago
Full-time - Mid Level
Remote - Ogden, UT
10,001+ employees
About the position
The Information Systems Security Manager (ISSM) II serves as a principal advisor on all matters related to the security of information systems, particularly within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies. This role involves oversight of the development and implementation of information system security policies, risk assessments, and ensuring compliance with security requirements throughout the system life cycle.
Responsibilities
- Perform oversight of the development, implementation, and evaluation of information system security program policy.
- Develop and oversee operational information systems security implementation policy and guidelines based on the Risk Management Framework (RMF).
- Advise customers on RMF assessment and authorization issues.
- Perform risk assessments and make recommendations to DoD agency customers.
- Advise government program managers on security testing methodologies and processes.
- Evaluate authorization documentation and provide written recommendations for authorization to government PMs.
- Develop and maintain a formal Information Systems Security Program.
- Ensure necessary technical and security training for IAOs, network administrators, and other cybersecurity personnel.
- Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation.
- Ensure approved procedures are in place for clearing, sanitizing, and destroying hardware and media.
- Develop and execute security assessment plans that include verification of required features and assurances.
- Maintain a repository for all system authorization documentation and modifications.
- Institute and implement a Configuration Control Board (CCB) charter.
- Develop policies and procedures for responding to security incidents.
- Ensure proper protection or corrective measures are taken when an incident or vulnerability is discovered.
- Establish data ownership and responsibilities for each authorization boundary.
- Develop and implement an information security education, training, and awareness program.
- Evaluate threats and vulnerabilities to ascertain additional safeguards needed.
- Assess changes in the system and operational needs that could affect authorization.
- Ensure valid Authorization determination for all authorization boundaries.
- Review AIS assessment plans.
- Coordinate with PSO or cognizant security official on approval of external information systems.
- Conduct periodic assessments of the security posture of the authorization boundaries.
- Ensure configuration management for security-relevant changes to software, hardware, and firmware.
- Ensure periodic testing is conducted to evaluate the security posture of IS.
- Ensure system recovery and reconstitution processes are developed and monitored.
- Ensure all authorization documentation is current and accessible to authorized individuals.
- Ensure system security requirements are addressed during all phases of the system life cycle.
- Develop Assured File Transfers (AFT) in accordance with the JSIG.
- Participate in self-inspections.
- Conduct the duties of the Information System Security Officer (ISSO) if one is not present.
Requirements
- 7+ years of related experience in information security management.
- Bachelor's degree or equivalent experience (4 years).
- IAT Level II certification required to start (e.g., Security+ CE, CCNA Security).
- DoD 8570.01-M IAM Level II certification in lieu of IAT Level II.
- US Citizenship required.
- Top Secret/SCI clearance must be obtained.
Benefits
- Medical plan options, some with Health Savings Accounts.
- Dental plan options.
- Vision plan.
- 401(k) plan with company match.
- Flexible work weeks.
- Paid time off plans including vacation, sick, personal time, holidays, paid parental, military, bereavement, and jury duty leave.
- Short and long-term disability benefits.
- Life insurance and accidental death and dismemberment insurance.
- Critical illness and business travel accident insurance.
