Information Systems Security Manager

Company: General Dynamics
Location: Marysville, CA, USA
Salary: $139984 – $186530
Type: Full-Time
Degrees: Master’s
Experience Level: Expert or higher

Requirements

  • Information Security
  • Information Security Management
  • Information System Security
  • Cisco Certified Network Associate (CCNA) Security – Cisco
  • GICSP: Global Industrial Cyber Security Professional – Global Information Assurance Certification (GIAC)
  • GSEC: GIAC Security Essentials Certification – Global Information Assurance Certification (GIAC)
  • 10+ years of related experience
  • US Citizenship Required
  • Master’s degree or equivalent experience (6 years)
  • IAT Lvl III or IAM Lvl III – within 6 months of the date of hire
  • Current – TS/SCI
  • Willing to obtain – TS/SCI with CI poly

Responsibilities

  • Lead, cultivate and maintain productive working relationships with other DoD agencies' managers, data stewards, and senior leadership to foster a productive and positive cyber security profile
  • Participate in the strategic planning and implementation of the Cyber Security Program
  • Provide expert input to the formulation of cyber security policies based upon the Risk Management Framework (RMF) with emphasis on the Joint Special Access Program Implementation Guide (JSIG) authorization process
  • Advise customer on Risk Management Framework (RMF) assessment and authorization issues
  • Develop and implement a security assessment plan
  • Perform risk assessments and make recommendations to DoD agency customers
  • Advise government program managers on security testing methodologies and processes
  • Evaluate authorization documentation and provide written recommendations for authorization to government PMs
  • Develop and maintain a formal Information Systems Security Program
  • Ensure that all IAOs, network administrators, and other cyber security personnel receive the necessary technical and security training to carry out their duties
  • Develop, review, endorse, and recommend action by the AO or DAO of system assessment documentation
  • Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media
  • Develop and execute security assessment plans that include verification that the features and assurances required for each protection level are functioning
  • Institute and implement a Configuration Control Board (CCB) charter
  • Maintain a and/or applicable repository for all system authorization documentation and modifications
  • Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents
  • Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system
  • Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements
  • Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training
  • Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed
  • Assess changes in the system, its environment, and operational needs that could affect the authorization
  • Ensure that authorization is accomplished and a valid Authorization determination has been given for all authorization boundaries under your purview
  • Review AIS assessment plans
  • Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization)
  • Conduct periodic assessments of the security posture of the authorization boundaries
  • Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented
  • Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs)
  • Ensure that system recovery and reconstitution processes are developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination
  • Ensure all authorization documentation is current and accessible to properly authorized individuals
  • Ensure that system security requirements are addressed during all phases of the system life cycle
  • Establish and develop a self-inspection program within the organization
  • Periodically review system security to accommodate changes to policy or technology
  • Coordinate all technical security issues outside of area of expertise or responsibility with ISSE
  • Provide expert research and analysis in support of expanding programs and area of responsibility as it pertains to cyber security and information technology activities
  • Develop Assured File Transfers (AFT) in accordance with the JSIG
  • Provide leadership, mentoring, and quality assurance for Cyber Security and Information Technology team members

Preferred Qualifications

    No preferred qualifications provided.