Information System Security Manager (ISSM)
The Information Systems Security Manager (ISSM) supports IDA's classified and unclassified information systems; represents IDA with cognizant US Government accrediting agencies; provides technical leadership for up to three Information System Security Officers (ISSOs); collaborates closely with IDA researchers, IT, and US Government accrediting agencies to identify appropriate security control baselines and ensure they are implemented prior to being introduced into a production environment; reviews and authorizes proposed changes to ensure they are done in a controlled and documented fashion; develops an information systems security education, training, and awareness program; manages and coordinates information security monitoring, inspections, and classified spill or data loss incident response; and leads IDA efforts to manage inspections of IDA unclassified and classified systems by US Government agencies.
- Responsible for IDA industrial security information systems security programs.
- Ensures ISSOs, IT staff, and users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization document packages.
- Represents IDA with cognizant US Government agencies responsible for classified computing.
- Engages in continuous dialog with US Government agencies to provide changes in IDA’s security posture and learn of new government systems security requirements.
- Collaborates closely with IDA researchers, IT, and US Government accrediting agencies to identify appropriate security control baselines.
- Performs a technical assessment of a system’s implemented security configuration to ensure compliance before the system moves to a production environment.
- Conducts reviews and technical inspections to ensure compliance with IDA and US Government policies, and to identify vulnerabilities or security weaknesses. Recommends corrective actions and ensures proper vulnerability reporting.
- Ensures the ISSOs regularly audit all systems under purview to validate proper use, and that all documentation (e.g., training records, system baselines, etc.) is kept current.
- Leads IDA efforts to manage inspections of IDA unclassified and classified systems by US Government agencies.
- Analyzes results and prepares final management report with recommendations and any required action plans.
- Ensures all ISSMs, ISSOs, security personnel, IT staff, and users receive the required technical and security training, and appropriate briefings.
- Performs other duties as assigned.
- U.S. Citizenship is required.
- Bachelor’s degree in an IT-related or similar relevant field or equivalent experience.
- Minimum four years’ experience in Information Technology or in an Information System Security Officer/Manager role. At least two years of the four must be in an ISSO/ISSM role.
- Experience supporting various computer hardware platforms and multiple operating systems, in both stand-alone and network configurations.
- Working knowledge of operating systems security features and settings (i.e., Windows, Linux).
- Working knowledge of security configuration requirements for individual applications (e.g., Microsoft Office, Web Browsers, Network Devices, etc.) and Physical Security.
- Candidate must have the following Information Assurance certifications or security training or obtain the certificates within 6 months of hire:
  - RMF Training as specified in the DSS Assessment and Authorization Process Manual
  - DOD 8570.01-M certification at IAM level 3, such as CISM, CISSP, or GSLC
- Customer service skills, including good interpersonal skills and the ability to communicate effectively with all levels of employees, and a professional demeanor.
- Ability to obtain and maintain Top Secret/SCI clearance.