Information Systems Security Manager (ISSM)
The Information Systems Security Manager (ISSM) is responsible for collaborating closely with IDA researchers, IT, and US Government accrediting agencies to identify appropriate security control baselines and ensure they are implemented before systems are introduced into a production environment. The ISSM also reviews and authorizes proposed changes to ensure they are made in a controlled and documented fashion. The ISSM will also develop the information systems security plans and the education, training, and awareness program, and will manage and coordinate information security monitoring, inspections, and classified spill or data loss incident response. Candidates are required to have an active Top Secret clearance with SCI access or TS/SCI access within the past two years, preferably with DoD.
- Responsible for IDA industrial security information systems security programs for classified and unclassified systems.
- Ensures ISSOs, IT staff, and users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization document packages.
- Collaborates closely with IDA researchers, IT, and US Government accrediting agencies to identify appropriate security control baselines
- Performs a technical assessment of a system’s implemented security configuration to ensure compliance before the system moves to a production environment; conducts reviews and technical inspections to ensure compliance with IDA and US Government policies, and to identify vulnerabilities or security weaknesses. Recommends corrective actions and ensures proper vulnerability reporting.
- Leads efforts to manage on-site inspections of IDA unclassified and classified systems by US Government agencies.
- Ensures a Plan of Action and Milestones (POA&M) is maintained for all security-related vulnerabilities and continually updates SCAs and AOs as to the current status of planned activities for correcting vulnerabilities associated with required security controls.
- Leads an annual internal Command Cyber Readiness Inspection of the IDA SIPRNet as a part of this effort.
- Represents IDA with cognizant US Government agencies responsible for classified computing
- Bachelor’s degree in an IT- or security-related field and a minimum of four years’ experience in Information Technology or in an Information System Security Officer/Manager or compliance role. At least two years of the four must be in an ISSO/ISSM role.
- Experience supporting various computer hardware platforms and multiple operating systems, both stand-alone and network configurations
- Working knowledge of operating systems security features and settings (i.e., Windows, Linux)
- Working knowledge of security configuration requirements for individual applications (e.g., Microsoft Office, web browsers, network devices) and physical security.
- Candidate must have the ability to obtain the following Information Assurance certification or security training:
  - RMF training as specified in the DSS Assessment and Authorization Process Manual
  - DoD 8570.01-M certification at IAM level 3, such as CISM, CISSP, or GSLC
- Customer service skills, including good interpersonal skills and the ability to communicate effectively with all levels of employees, and a professional demeanor.
- Candidates are required to have an active Top Secret clearance with SCI access or TS/SCI access within the past two years, preferably with DoD.