Information Systems Security Manager
Sev1Tech
- Mechanicsburg, PA
- Permanent
- Full-time
- Develop and maintain a formal IS security program and policies for their assigned area of responsibility.
- Provide technical and procedural Information System (IS) Security advice to government and industrial teams.
- Develop and oversee operational information systems security implementation policy and guidelines.
- Coordinate with the PSO or cognizant security official on approval of External Information Systems (e.g. guest systems, systems interconnected with another organization).
- Oversee ISSOs under their purview to ensure they follow established IS policies and procedures.
- Assume ISSO responsibilities in the absence of the ISSO; maintain required IA certifications.
- Ensure System Administrators (SA) monitor all available resources that provide warnings of system vulnerabilities or ongoing attacks.
- Ensure approved procedures are used for sanitizing and releasing system components and media.
- Maintain a repository of all security authorizations for IS under their purview.
- Coordinate IS security inspections, tests, and reviews.
- Ensure proper measures are taken when an IS incident or vulnerability is discovered.
- Ensure data ownership and responsibilities are established for each IS, and specific requirements (to include accountability, access and special handling requirements) are enforced.
- Ensure development and implementation of an effective IS security education, training, and awareness program.
- Ensure CM policies and procedures for authorizing the use of hardware/software on an IS are followed. Any additions, changes or modifications to hardware, software, or firmware must be coordinated with the appropriate AO prior to the addition, change or modification.
- Serve as a voting member of the Configuration Control Board (CCB) and/or the Risk Executive Board, if applicable. The ISSM shall have authority to veto any proposed change they feel is detrimental to security. Appeals on an ISSM/ISSO veto may be taken to the AO. The ISSM may elect to delegate this responsibility to the ISSO.
- Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
- Manage, maintain, and execute the information security continuous monitoring plan.
- Ensure a record is maintained of all security-related vulnerabilities and ensure serious or unresolved violations are reported to the AO/DAO.
- Assess changes to the system, its environment, and operational needs that could affect the security authorization.
- Must have a DoD Secret-level clearance to start
- Certification Requirement: Directive 8570.1/8140 – IAM-III: Certified Information Systems Security Professional (CISSP)
- Bachelor’s degree with a minimum of 10 years of relevant experience
- Experience performing risk assessments and audits
- Experience using DoD approved tools (ACAS, SCAP-compliant scanners, eMASS, etc.).
- Knowledge of the overall Risk Management Framework and NIST compliance as a security professional
- Experience presenting technical and non-technical information to clients or management so that key personnel can make informed decisions
- Experience successfully advising stakeholders through the ATO process
- Familiarity with information security documents, government orders, notices, and guidelines
- Experience documenting and maintaining systems running in AWS GovCloud (DoD preferred)
- Ability to work independently to create and update Security Plans, Contingency Plans, and other security documents
- Solid understanding of DoD Cyber Security policies and requirements
- Bachelor’s degree in Engineering, IT, Computer Science, or related field or equivalent
- 5 years’ experience in ISSM capacity
- Experience supporting DoD (Navy preferred) enterprise application transition to the AWS GovCloud (up to IL 6) in a security capacity
- AWS Certified Security certification