Information Systems Security Manager (ISSM)

• Maintain and enforce all cybersecurity policies, standards, and directives to ensure assessment and authorization of information systems processing classified information
• Participate in IT architecture design reviews to assess and ensure compliance with cybersecurity requirements
• Ensure cybersecurity principles are embedded in systems engineering efforts for ground and space systems in multiple classified computing domains
• Integrate the Risk Management Framework throughout the system acquisition lifecycle
• Create, review, and assess RMF related artifacts for acceptable implementation of cybersecurity principles
• Develop, coordinate, and implement cybersecurity strategies as a sub-component of the Program Protection Plan
• Evaluate and apply government cybersecurity (DoD, NIST, FIPS, and CNSS) policies and instructions as necessary
• Conduct program and technical risk assessments to determine necessary cybersecurity protection measures
• Monitor the evolving state of industry knowledge and application to information security best practices
• Interface with other government organizations during security evaluation of engineering design solutions
• Provide technical security evaluation support to the Security Control Assessor (SCA) during contractor assessment and authorization activities
• Evaluate the continued effectiveness of implemented protection measures within the authorization boundary
• Prepare, review, and present technical reports and briefings
• Provide mentoring and technical leadership to the cybersecurity program team

• Bachelor’s degree in Cybersecurity, Engineering, or a related scientific or technical discipline
• 3 years of work experience in Cybersecurity may be considered in lieu of Bachelor’s degree
• 10+ years of work experience in Information Assurance/Cybersecurity
• Experience as an ISSO, ISSE, or ISSM for a complex system
• Certified Information Systems Security Professional (CISSP) Certification or equivalent
• Ability to translate cybersecurity related policies and guidance into system requirements
• Experience with cybersecurity assessment and authorization processes such as the Risk Management Framework
• Understanding of common vulnerabilities and associated risk mitigation strategies
• Experience with cybersecurity policy and processes, architectures, testing and evaluation procedures, including Zero Trust
• Articulate complicated security concepts in cross-functional planning, coordination and task execution across the spectrum of systems engineering and integration activities
• With minimal oversight, be able to sort through complex issues, prioritize them accordingly, advocate for resources, and elevate to management as necessary
• Effective interpersonal and team-building skills, to engage at both the engineer and management levels to build confidence and collaboration between team members
• Strong written and verbal communications skills
• Experience with COMSEC key management and familiarity with cryptographic equipment lifecycle management concepts
• Ability and willingness to obtain a DoD 8570.01-M recognized IAT Level III cyber security certification within 1 year from date of hire
• The ability to work in a secure, confined location (i.e., SCIF)
• Must have an active TS/SCI clearance to be considered for this position

• DoD 8570.01-M IAT Level III approved cybersecurity baseline certification
• Master’s degree in Cybersecurity, Engineering, or a related scientific or technical discipline
• Computing Technology Industry Association Security + Certification
• Understanding and experience in the acquisition life cycle for information systems
• Experience in security control evaluation, testing, and assessment in complex system environments
• Familiarity with security tools for implementing and assessing security compliance (e.g. SCAP, STIGS, ACAS)
• Experience deploying and maintaining a Security Information and Event Management system for a multiple operating system enterprise

KBR