Information Systems Security Manager – ISSM

Company: Peraton
Location: Offutt AFB, NE, USA
Salary: $86000 – $138000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior, Expert or higher

Requirements

  • 8 years with BS/BA; 6 years with MS/MA; 3 years with PhD; or 12 years of commensurate experience in a DoD environment in lieu of degree.
  • DoD TS/SCI clearance needed.
  • Cybersecurity certificate commensurate to DoD 8570.01 IAM Level II (i.e. CGRC, CASP, CISSP, CISM) must be acquired within the first 120 days of employment.

Responsibilities

  • Ensures the implementation of the Risk Management Framework (RMF) through the required government policy, makes recommendations on process tailoring, and participates in and documents process activities.
  • Will deliver information security support and design recommendations adhering to DoD security policies and compliance mandates while fulfilling customer requirements.
  • Will perform periodic assessments of systems and networks within the networking environment and/or enclave and will identify where those systems and networks deviate from acceptable configurations, enclave policy, and compliance requirements.
  • Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
  • Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
  • Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
  • Document the results of Assessment and Authorization (A&A) activities and technical or coordination activity and prepare the System Security Plans and update the Plan of Actions and Milestones (POA&M).
  • Provide oversight and guidance of information security personnel performing system analysis looking for patterns of non-compliance; ensure appropriate administrative or programmatic actions which minimize security risks and insider threats.
  • Provide oversight and guidance ensuring systems are properly configured, optimized, and tested ensuring all policy and technical requirements (i.e. Security Technical Implementation Guides (STIGs)) are met.
  • Manage all cybersecurity related processes and procedures in the documentation of access control lists on routers, firewalls, CE, printing devices, and other network devices.
  • Assess the performance of cybersecurity controls within the environment.
  • Perform control validation and remediation validation of network servers, routers, and switches to ensure they comply with security policy, procedures, and technical requirements.
  • Evaluate potential cybersecurity risk and take appropriate corrective and recovery action utilizing various tasking mechanisms such as Remedy, eMASS, XACTA, ACAS, etc.
  • Provide oversight and guidance of cybersecurity personnel implementing applicable patching oversight and validation of all security related updates including Cyber Tasking Order compliance.

Preferred Qualifications

    No preferred qualifications provided.