Information System Security Manager (ISSM)
Contract 9+ months, Active Secret Clearance
M-F 40 hours weekly
(3) Openings. Must hold one of the following certifications: CISSP, CAP, CASP+ CE, CISM, or CCISO.
Must be a US Citizen and hold a current Secret clearance.
Client is seeking an Information System Security Manager (ISSM) to support all aspects of acquisition, systems engineering reviews, DT/OT, and milestone entrance/exit criteria integrated throughout the life cycle of the program. This is a full-time position supporting the Command, Control, Communication, Intelligence and Networks (C3I&N) Directorate under the ETASS program.
Major Duties & Responsibilities: Ensure compliance with cybersecurity requirements in accordance with DoD and DoD Component cybersecurity and information assurance policies and guidance. Support the PM in development of a POA&M and budget that addresses the implementation of cybersecurity requirements throughout the lifecycle of the system. Identify a cybersecurity team; the PM can designate the ISSM to chair a Cybersecurity Working-level Integrated Product Team (WIPT) or sub-WIPT, executed under the authority of the Systems Engineering WIPT. Support implementation of the RMF. Maintain and report systems assessment and authorization status and issues in accordance with DoD component guidance. Provide direction to the Information System Security Officer (ISSO) in accordance with DoDI 8500.01. Coordinate with the organization's security manager to ensure issues affecting the organization's overall security are addressed appropriately. Continuously monitor the system or information environment for security-relevant events and configuration changes that negatively affect security posture. Periodically assess the quality of security controls implementation against performance indicators. Immediately report any significant change in the security posture of the system, and recommended mitigations, to the Security Control Assessor (SCA) and AO. Recommend to the SCA or AO a reassessment of any or all security controls at any time, as appropriate. Ensure that SSE processes are aligned to, and adequately documented in, the program's SEP and PPP, and are executed with sufficient rigor to ensure required security controls are implemented, resulting in the lowest level of residual risk to system operation. Ensure that cybersecurity inputs to program acquisition documents are prepared. Maintain situational awareness and initiate actions to improve or restore IA posture, and conduct annual security reviews of all IA controls and a test of selected IA controls.
Complete and maintain appropriate IA certification IAW AFMAN 33-285.
Qualifications: 15+ years of experience in cyber security or information assurance, including at least 5 years in a DoD environment. Bachelor's degree in a related field. Must hold one of the following certifications: CISSP, CAP, CASP+ CE, CISM, or CCISO.
Experience with the certification and accreditation process. Significant experience in vulnerability scanning and analysis, including the use of automated tools and vulnerability management systems. Knowledge of intrusion prevention and network access control tools/systems. Understanding of system audit principles and security risk assessment. Strong understanding of security policy advocated by the U.S. Government including the Department of Defense and appropriate civil agencies, e.g., NIST. General experience includes development of both common user and special purpose command and control/information systems with increasing responsibilities in the scope and magnitude of the systems for which solutions have been implemented.
Must have a solid understanding of network infrastructure and mission assurance. Familiar with Federal government and DoD standards for IA/security including DIACAP, FISMA, NIST, and OMB. Must have solid communication skills and be capable of working with all levels of an organization.