Information System Security Manager (ISSM)

Job Description:

This position is for an Information System Security Manager (ISSM). The ISSM is responsible for the Cybersecurity program as stipulated by various USG requirements including (but not limited to): The National Industrial Security Program Operating Manual (NISPOM), Joint SAP Implementation Guide (JSIG), ICDs/DCIDs and other related documentation e.g. Baseline Technical Security Configuration Standards, DCSA Authorization and Assessment Process Manual (DAAPM), NIST & STIG Guidelines as well as customer/contract specific Cybersecurity regulations. The ISSM is responsible for the definition, implementation and maintenance of Information System Security policies, strategies, procedures and settings within the classified environment.

Components of the Cyber program include Assessment and Authorization (A&A) activities (documentation preparation, system configuration/validation, certification testing, etc.), security sustainment activities (hardware change management, software change management, account management, media protection, user interface, file transfers, etc.), conducting internal self-inspections, audit reviews and delivering information systems security education and awareness training. This includes the development, review and monitoring of Master System Security Plans, Information System Profiles, network System Security Plans, Standard Operating Procedures, POA&Ms and related addendums/attachments. This position will also be responsible for conducting investigations related to any information systems security violation involving classified information. This position interfaces with other security disciplines (e.g. Industrial Security and Special Programs Security, etc.), System Administrators, program personnel and USG security representatives.

Essential Functions:

• Assist program personnel at offsite locations to ensure they meet USG certification requirements and are properly trained to execute the cybersecurity program effectively and maintain security compliance
• Excellent communications skills, oral and written
• Demonstrated strong critical thinking and problem solving skills
• Self-motivated and possesses good written, verbal, listening and presentation skills, particularly in documenting evaluation results
• Confident personality with the ability to effectively prioritize multiple projects
• Ability to work with people in a team environment and deal effectively with changing project priorities
• Candidate must have demonstrated professional customer service skills

Qualifications:

• In-depth knowledge and experience with technical configuration standards relating to information system security; experience configuring Windows operating systems, experience with server systems, thin client architecture, system virtualization and other related peripherals
• Extensive knowledge and experience with certification/authorization requirements as outlined in the NISPOM, RMF, ICD 503/DCID, JSIG, NIST RMF & STIG and other USG IS/Security-related policies
• Knowledge and experience with configuration/certification and auditing/analysis of Windows, Linux, Unix systems
• Experience supporting various system configurations (Stand Alone, Local Area Networks, Wide Area Networks, Government, and Contractor connections)
• Experience with Interconnected Security Agreements (ISA), Network Security Plans (NSP), Memorandum of Agreement/Understanding (MOA/U)

Experience in implementing Windows Active Directory Services, Group Policy, or Linux LDAP Services.

• Applied experience with Windows PowerShell and Linux Shell Scripting.
• Experience with security information and event management (SIEM) and data loss prevention (DLP) solutions.
• Experience with audit reviews such as: physical security, network and application, password administration, file access privileges, etc.
• CISSP and/or other equivalent certifications
• Bachelor’s Degree and a minimum 6 years of prior relevant experience.
• Active DoD Secret Clearance is required