Information Systems Security Manager (ISSM)

Location
Alexandria, Virginia
Posted
Sep 15, 2017
Closes
Sep 29, 2017
Hours
Full Time

Overview

The Information Systems Security Manager (ISSM) is responsible for collaborating closely with IDA researchers, IT, and US Government accrediting agencies to identify appropriate security control baselines and to ensure they are implemented before a system is introduced into a production environment. The ISSM reviews and authorizes proposed changes to ensure they are made in a controlled and documented fashion. The ISSM will also develop the information systems security plans and the education, training, and awareness program, and will manage and coordinate information security monitoring, inspections, and classified spill or data loss incident response. Candidates are required to have an active Top Secret clearance with SCI access, or TS/SCI access within the past two years, preferably with DoD.

Responsibilities

  • Responsible for IDA industrial security information systems security programs for classified and unclassified systems.
  • Develops, implements, and manages a formal information systems security program.
    • Ensures ISSOs, IT staff, and users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with the security policies and practices outlined in the assessment and authorization document packages.
  • Develops, reviews, maintains, and oversees all information System Security Plans (SSPs) and Assessment and Authorization packages in accordance with DoD-mandated policies.
  • Coordinates with the Facility Security Officer/Senior Insider Threat Security Official to ensure insider threat detection and awareness is addressed.
  • Collaborates closely with IDA researchers, IT, and US Government accrediting agencies to identify appropriate security control baselines.
  • Advises IT on required security configurations and assists with the development of technical security enhancements.
  • Performs a technical assessment of a system's implemented security configuration to ensure compliance before the system moves to a production environment; conducts reviews and technical inspections to ensure compliance with IDA and US Government policies and to identify vulnerabilities or security weaknesses. Recommends corrective actions and ensures proper vulnerability reporting.
  • Leads efforts to manage on-site inspections of IDA unclassified and classified systems by US Government agencies.
  • Leads periodic cyber self-inspections to assess systems against DISA STIGs, NISPOM Chapter 8, or DJSIG/JSIG requirements using the following vulnerability scanning tools: Security Content Automation Protocol (SCAP) scans, STIG Viewer, ACAS, and Retina.
  • Ensures a Plan of Action and Milestones (POA&M) is maintained for all security-related vulnerabilities and continually updates SCAs and AOs on the current status of planned activities for correcting vulnerabilities associated with required security controls.
  • Leads an annual internal Command Cyber Readiness Inspection of the IDA SIPRNet as part of this effort.
  • Represents IDA with cognizant US Government agencies responsible for classified computing.
  • Develops and maintains relationships with many DoD and Intelligence Community agencies for the purpose of obtaining and maintaining authority to operate (ATO) for IDA classified systems.
  • Engages in continuous dialogue with US Government agencies to report changes in IDA's security posture and to learn of new government systems security requirements.
  • Works with US Government Security Control Assessors (SCAs) and Authorizing Officials (AOs) to develop a comprehensive Risk Management Framework (RMF) package, including System Security Plans (SSPs), Information Security Continuous Monitoring Plans, and a Body of Evidence to support system authorization.
Qualifications

  • Bachelor's degree in an IT or security-related field and a minimum of four years' experience in Information Technology or in an Information System Security Officer/Manager or compliance role. At least two of the four years must be in an ISSO/ISSM role.
  • Experience supporting various computer hardware platforms and multiple operating systems, in both stand-alone and networked configurations.
  • Working knowledge of operating system security features and settings (e.g., Windows, Linux).
  • Working knowledge of security configuration requirements for individual applications (e.g., Microsoft Office, web browsers, network devices) and of physical security.
  • Candidate must have the ability to obtain the following Information Assurance certification or security training:
    • RMF training as specified in the DSS Assessment and Authorization Process Manual
    • DoD 8570.01-M certification at IAM Level III, such as CISM, CISSP, or GSLC
  • Customer service skills, including good interpersonal skills, the ability to communicate effectively with all levels of employees, and a professional demeanor.
  • Candidates are required to have an active Top Secret clearance with SCI access, or TS/SCI access within the past two years, preferably with DoD.