Information Systems Security Manager (ISSM)

What will you be doing?:

• Interpret the DIA Special Access Program Implementation Guide in determining technical Information Assurance (IA) requirements and ensure proper security implementation of the Risk Management Framework (RMF).
• Develop system documentation for information system authorization, security management, and continuous monitoring of both networked and standalone classified systems.
• Perform system auditing, vulnerability risk assessments, Assured File Transfers, hardware/software configuration management, data integrity containments and investigations on IA related security violations/incidents.
• Provide cybersecurity education and training for all system users on appropriate risk mitigation strategies.
• Provide support for systems across the entire Assessment and Authorization (A&A) process.
• This support will consist of documenting, monitoring, updating, and managing systems to maintain an acceptable security posture and to achieve an Interim Authority to Operate (IATO) and Authority to Operate (ATO) and/or Authority to Connect (ATC) across the various local and deployed locations.
• Implementation as applicable for Platform Information Technology (PIT).
• Shall prepare A&A system documentation for submission to the Designated Approving Authority (DAA).
• Types of artifacts that will be required:
• Hardware and Software Lists
• Hardware and Software diagrams
• Plan of Action and Milestones (POAM)
• Risk Assessment Report (RAR)
• Security Technical Information Guides (STIG)
• Manual and Inherited Security Controls
• Firewall modifications for Ports and Protocols
• CCB Charter and Documentation
• Incident Response Plan
• Contingency Plan
• Configuration Management Plan
• Information Assurance Vulnerability Alerts, Bulletins, and Advisories
• Ensure all required software applications are approved and current
• Maintain thorough understanding of NIST 800-53/800-171 controls, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM)

The Company:

• Founded in 2003, IT Concepts was established with a simple yet important promise to “deliver technology concepts that work.” This founding principle, which permeates throughout our team and company culture, has propelled ITC to the upper echelons of the industry. With award-winning services and unflinching dedication to country and clients, ITC remains committed to teamwork, innovation, and collaboration.
• We’re an SBA 8(a) and CVE certified Service-Disabled Veteran Owned Small Business focused on providing best in class IT Services, Management Consulting, and Data Services Solutions to our clients.
• We’re ISO 27001:2013, ISO 20000-1:2011, and ISO 9001:2015 certified and have CMMI DEV and SVC ML3 ratings
• We’ve been named part of: Inc 5000’s Fastest Growing Private Companies in 2016, 2018, 2020; Washington Business Journal’s Fastest Growing Companies in 2015, 2016 and 2017, 2019; Washington Business Journal’s Best Places to Work in 2015, 2016 and 2017, 2019

The Employer:

• We offer great benefits – Competitive Paid Time Off, Medical, Dental and Vision Insurance, Identity Protection, Pet Insurance, 401(k) with company matching and Profit Sharing
• We invest in our employees – Each ITC employee is provided with a LinkedIn Learning Account for endless training. In addition, every employee is provided with a stipend to invest in certifications, a master’s degree, or even a doctorate.
• We work hard, we play hard -Nationals Games, Happy Hours, Holiday events, philanthropic endeavors, etc…at ITC we enjoy working together but also take time to connect with each other and our community through various events and activities.

Qualifications
Required:

• Minimum Bachelor's degree in relevant field and 8 years of relevant experience OR 6 years of relevant experience with Master's degree in relevant field.
• Hold a current IAM level II certification (CISSP, CAP, CASP+, CISM, or GSLC IAW DoD 8570.01-M.
• Experience working with databases, networks, hardware, firewalls, cross-domain solutions and encryption in a cyber-security roll.
• Knowledge and experience with DevSecOps and C2S are required.
• Proficient using Microsoft Windows and Linux operating systems.
• Proficient using Microsoft Office Professional applications.
• Experience implementing the RIsk Management Framework to accredit systems.
• Experience establishing eMASS for systems.
• Experience using Assured Compliance Assessment Solution to identify vulnerabilities.

Clearance requirements:

• Must have an active TS/SCI clearance and be able to pass CI Polygraph.

This position is contingent upon budget, and/or customer approval.
IT Concepts is an Affirmative Action/Equal Opportunity employer. As such, any personnel decisions (hire, promotion, job status, etc.) on applicants and/or employees are based on merit, qualifications, competence and business needs, not on race, color, citizenship status, national origin, ancestry, gender, sexual orientation, gender identity, age, religion, creed, physical or mental disability, pregnancy, childbirth or related medical condition, genetic information of the employee or family member of the employee, marital status, veteran status, political affiliation, or any other factor protected by federal, state or local law.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.

Job Type: Full-time