Information System Security Manager (ISSM)

Gibbs & Cox, A Leidos Company
Arlington, VA
Dec 08, 2021
Dec 10, 2021
Full Time
Gibbs & Cox, a wholly owned subsidiary of Leidos, is the largest independent naval architecture and marine engineering firm in the United States. Since our founding in 1929, 24 classes of combatants and nearly 7,000 vessels have been built to Gibbs & Cox designs. We proudly support military and commercial clients in the US and internationally with all phases of marine design, construction, and lifecycle management. Our passion is solving our customers' 21st century maritime challenges with quality and integrity.

Gibbs & Cox is an EEO/An Affirmative Action M/F/D/V Employer.

Currently seeking a highly motivated and talented Information System Security Manager (ISSM) for our Arlington, VA operations.

Position Summary and Responsibilities:
* Manage the corporate Information Systems Security program and provide oversight and deliverables in support of customer and corporate needs.
* Provide technical expertise in safeguarding internal G&C IS and information processing technologies.
* Ensure policies, procedures, and system hardening guides are reviewed and updated as needed to reduce risks impacting the confidentiality, integrity, or availability of information systems.
* Deep domain knowledge of network security tools and applications, modify and update SIEMs, IDS/IPS, firewall.
* Experience using technology, processes, and policies to detect, protect, and respond to security events and incidents.
* Monitor and proactively address security threats, resolve technical issues, and allocate resources to deliver latest security solutions in a cost-effective manner.
* Conduct activities in concert with our internal IT department and external security vendors and provide security reports and updates to the Group Information Assurance Manager or G&C Operations leadership.
* Ensure IS are audited to ensure compliance with established security policies and procedures.
* Ensure Continuous Monitoring (ConMon) activities are conducted per approved frequency.
* Contributing and voting member of IS Configuration Control Board (CCB) reviews and approvals.

Knowledge, Skills and Abilities:
* 5+ years of experience in information security engineering/architecture/operations
* 5+ years computer operating systems administration experience (Windows and Linux)
* 5+ years information technology experience working in a secure IS processing facility
* 5+ years writing System Security Plans (SSPs) and other RMF artifacts as an ISSO or related role
* Deep domain knowledge of National Industrial Security Program Operating Manual (NISPOM), Intelligence Community Directives (ICD) security requirements or the Risk Management Framework (RMF)
* 5 years working experience in Assessment and Authorization (A&A) processes aligned with NISPOM, ICD, and JSIG security frameworks/policies
* Perform Continuous Monitoring, assist the FOS with self-inspections, and provide security coordination and review of system test plans
* Identify vulnerabilities and work with other subject matter experts for cost-effective remediation or mitigation solutions
* Excellent organizational and communication skills and the ability to effectively interact with managers and technical staff
* Ability to identify and troubleshoot complex security issues within systems or networks
* Ability to develop and execute security plans, such as Vulnerability Management Plan, Security Assessment Plan, Incident Response Plan, etc.
* Experience with hardware, software, and processes necessary to develop security solutions
* Ability to lead design, development, integration, testing, and deployment of security solutions
* Experience with security tools for monitoring, assessing, and analyzing systems
* Sourcing and implementing new security solutions to better protect the organization
* Conducting proactive research to analyze security weaknesses and recommend appropriate strategies
* Coordinating and reporting cybersecurity incidents to appropriate authorities
* Installing security measures and operating software to protect systems and information infrastructure, including network security tools and data encryption programs
* Identifying current and emerging technology security issues, trends, vulnerabilities, and threats

Technical Qualifications:
* Experience with Linux and Windows Operating Systems, and scripting languages
* Knowledge of best practices and security requirements, including DISA STIGs, SRGs, and IA tools
* Knowledge of NIST publications, such as SP 800-37, 800-53, and 800-171

Education:
* BS degree in Computer Science, Information Technology, related field, or equivalent experience.

Certifications:
Active DoD 8570 certification (Security or CISSP), or ability to obtain DoD 8570 certification within 6 months of employment required.
* Security+
* CEH
* GSEC
* CAP

Clearance:
MUST be a US Citizen. Must have Active DOD Security Clearance.

Gibbs & Cox is a VEVRAA Federal Contractor and an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. The VEVRAA (US Department of Labor) covers veterans.

© 2021 Gibbs & Cox, Inc. Gibbs & Cox, Gibbs & Cox logo are registered trademarks. All rights reserved.
