Information Systems Security Manager (ISSM)

Lanteris Space Systems | Palo Alto, CA
3d | $123,000 - $205,000 | Onsite

About The Position

We are currently seeking an Information Assurance Manager (IAM)/Information Systems Security Manager (ISSM). This role is based in our Palo Alto, CA office. In this role, you will be responsible for a portfolio of classified programs covering Collateral, Sensitive Compartmented Information (SCI). You will support information system full life cycle activities including scoping information systems for new programs, preparing accreditation/certification packages in accordance with relevant regulations and standards, maintenance and monitoring of operational systems, system upgrades and feature additions during program execution, and system decommission and de-certification activities.

Requirements

  • Must be a U.S. citizen with Active TS/SCI clearance and CI Poly
  • Experience as an ISSM/ISSO implementing NISPOM Chapter 8, ICD 503, and/or JSIG IS requirements in an SAP/SCI environment
  • CISSP and CISM certifications
  • Ability to obtain GSLC certification within 6 months of hire
  • Bachelor of Science degree
  • 8 years of related IT security experience
  • Minimum of 2 years related IT or security experience in a classified (SCI) environment
  • Hands-on experience with SIEM tools (Splunk, Elastic, or similar) for log analysis and security event correlation
  • Knowledge of Information Security or Information technology standards
  • Experience with Risk Management Framework (RMF) including participation in assessment and authorization activities
  • Experience conducting security audits and vulnerability assessments in operational classified systems
  • Department of Defense Directive (DoDD) 8140 / 8570 Certification requirements (CompTIA Security+ CE or equivalent certification)
  • Experience coordinating with government assessment teams (DCSA, NSA, Program Security Officers)

Nice To Haves

  • Experience with RMF Workflow Management Solutions such as Xacta, eMASS, or ServiceNow
  • Familiarity with implementation of Government directives and policies derived from NIST, CNSSI, ICD, DoD, or other Government Regulatory compliance standards within a professional industry
  • Experience with Information Security tools including audit reduction, vulnerability management, change detection, network monitoring, etc. (ACAS, Nessus, HBSS, Splunk, RedSeal, Tripwire, DISA SCC and STIG Viewer)
  • Experience developing IS security plans, policy and procedures for Local Area Network (LAN) Information Systems and Wide Area Network (WAN) Information systems
  • Experience with both Windows and Linux operating environments
  • Previous leadership experience
  • Experience managing security incidents and coordinating response activities in classified environments
  • Knowledge of DevSecOps practices and secure software development lifecycle in classified systems
  • Experience with insider threat detection tools and procedures

Responsibilities

  • Responsible for ensuring Information System compliance with the potential to span multiple business areas or programs.
  • Ensure system security measures comply with applicable government policies.
  • Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
  • Maintain a thorough understanding of NIST 800-53 controls, determine which controls are applicable to the application, and document their implementation in the Security Controls Traceability Matrix (SCTM).
  • Monitor and resolve Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
  • Communicate and coordinate Information Systems Security policy across their organization and work with government agencies to obtain rulings, interpretations, and acceptable deviations for compliance with regulations.
  • Establish, document, implement, and monitor the IS Security Program and related procedures for the facility and ensure compliance with IS security requirements.
  • Prepare and maintain Systems Security Plans (SSP) which accurately reflect the installation and security provisions of the system.
  • Ensure that each SSP has been implemented, that the specified security controls are in place and properly tested, and that the IS is functioning as described in the SSP.
  • Evaluate proposed changes or additions to the SSP and collaborate with customers for systems approvals.
  • Conduct on-going security reviews and tests for information systems to periodically verify that security features and operating controls are functional and effective.
  • Ensure that periodic self-inspections of the facility’s IS Program are conducted as part of the overall facility self-inspection program.
  • Ensure the development, documentation and presentation of IS security education, awareness, and training activities for facility management, IS personnel, users, and others as appropriate.
  • Ensure personnel are trained on the IS’s prescribed security restrictions and safeguards before they are initially allowed to access a system.
  • Responsible for reporting compliance metrics to government CSA, Program Management, and Information System Owner.
  • Manage, lead and provide security guidance and mentoring to a team of security professionals.
  • Oversee and coordinate insider threat program activities for assigned information systems in collaboration with the Insider Threat Program Manager.
  • Ensure proper media sanitization, destruction, and accountability procedures are followed for classified storage devices and system components throughout the system lifecycle and during decommissioning activities.
  • Coordinate security incident response activities for assigned systems, including timely reporting to appropriate government agencies (DCSA, NSA, etc.) and internal stakeholders.
  • Oversee physical security integration with IS security requirements, ensuring proper coordination with facility security personnel.
  • Manage COMSEC material accountability and cryptographic key management for assigned systems as applicable.
  • Ensure compliance with TEMPEST/EMSEC requirements for SCI-level systems as applicable.

Benefits

  • We offer a comprehensive package of benefits including paid time off, health and welfare insurance, and 401(k) to eligible employees.
  • Additionally, this position is incentive eligible with a target based on contribution, company performance, and/or individual results achieved; the specific incentive plan and target amount will be determined based on the role and breadth of contributions.