Information System Security Manager (ISSM)
SUMMARY OF POSITION
The Sr. Information Systems Security Manager (ISSM) is responsible for the security of the information systems at the facility and certifies to DCSA that all security requirements and controls are in place and the system is properly configured, protected, and maintained. This ISSM will participate in technical research and development to enable continuing innovation within the cyberinfrastructure. The ISSM will also ensure that system hardware, operating systems, software systems, and related procedures adhere to organizational values.
- Manages and oversees the compliance and policy aspects for the company regarding Information Assurance for systems and networks that contact government information.
- Familiar with Defense Counterintelligence & Security Agency (DCSA) Risk Management Framework (RMF), eMASS, and Security Technical Implementation Guides (STIGs).
- Work closely with the Facility Security Officer (FSO) and corporate leadership to ensure cyber and physical security standards are met.
- Serve as Information Systems Security Manager (ISSM) for classified computers in DoD and Intelligence Community computing environments.
- Oversees day-to-day security posture and continuous monitoring of IS, including security event log review and analysis.
- Ensure system security measures comply with applicable government policies. Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
- Maintain a thorough understanding of NIST 800-53 controls, and determine which controls apply to the application and document implementation in certification Assistant (CA).
- Reviews and performs technical inspections to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functional.
- Monitors and resolves Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
- Work with FSO on reviews and maintenance of security assessment and authorization documentation (e.g., IA SOP, SSP, MSSP, RAR, CA)
- Work with FSO on preparation and maintenance of Cyber/IT security.
- Support and maintain client asset management, including inventory, updates, repairs, and replacements.
- Support backend client services, including antivirus, user access, and network administration.
- Support client/server software applications in support of business processes. Trains end users as required on system changes.
- Collaborates with Cyber and IT teams to support the execution of application changes, ensuring compliance and quality standards are part of the deployment.
- Supports third-party applications that integrate with client/server software applications. (Microsoft Office GCC High, AWS, Connectwise, etc.)
- Adhere to strict Information Systems security guidelines in all cases.
- Proactively anticipates and meets customer needs. Must be a self-starter with a high sense of accountability.
- Collaborates throughout the organization, seen as a trusted business partner in accomplishing work.
- Work independently and professionally to ensure the IT team is meeting business expectations.
REQUIRED SKILLS, EDUCATION & EXPERIENCE
Any combination of education and experience providing the required skill and knowledge for successful job performance will be considered. Typical qualifications would be:
- Must have previous ISSO or ISSM experience, preferably 2+ years
- Must have held a DoD security clearance in the past 2 years and be able to attain and maintain an active Top Secret clearance
- Must have excellent writing skills (email communication, procedure writing, etc.)
- Must be familiar with classified computing environments in ICD-705, DoDIs 8500.01 & 8510.01, NIST SP 800-53, and Risk Management Framework (RMF); eMASS, NISPOM, DCSA, etc.
- Must have a DoD 8570.01 Certification of IAT Level III Security+ CE, CISSP, or equivalent
- This position must meet Export Control Compliance requirements; therefore, a “US Person” as defined by 22 C.F.R. is required.
- Bachelor’s degree preferred.
- Technical certification preferred: Microsoft, Cisco, CompTIA CE, CISSP
- 3-5 years of experience in a desk-side support role serving end users.
- 3-5 years of experience supporting Windows 10 desktop operating systems.
- 3-5 years of experience supporting Microsoft Office applications (Office 2016, 2019, etc.).
- Years of experience using desktop imaging tools (Windows Deployment Services, Acronis).
- 3-5 years of experience supporting enterprise Anti-Virus/Anti-Malware tools. (Agent Based tools, etc.)
- 3-5 years of experience supporting users with remote management tools.
- 3-5 years of experience supporting mobile devices. Apple/Android
- 3-5 years of experience supporting peripheral devices, including wireless peripherals. Barcode scanners, printers, etc.
- Experience supporting Microsoft GCC High is a plus.
- Experience securing systems using NIST RMF framework (eMASS) and Security Technical Implementation Guides (STIGs) standards
May be required to travel to other areas dependent on contractual needs.
Working conditions described here are representative of those that may be experienced by an employee on a daily basis while performing the functions of this job.
- Typically sits for extended periods at a computer workstation
- May access and work in the closed areas of equipment
- While performing the duties of this job, the employee may be exposed to moving mechanical parts, fumes, and airborne particles
- The employee may be exposed to vibration
- The employee is occasionally exposed to caustic chemicals. The noise level in the work environment is usually moderate
- May be required to travel to other site locations during the workday
- May be required to work weekends to meet department and business demands
- Knows that safety shoes are recommended in the closed area
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.
- Must be able to sit, climb, balance, stoop, kneel, crouch, or crawl.
- Must be able to see, talk, hear, touch, feel and reach with hands and arms.
- Must be able to frequently walk & stand for short periods of time
- Must be able to lift and move up to 35 pounds, occasionally lift and move objects up to 50 lbs.
Employment is contingent upon successfully passing an employee reference check, criminal background check, and security clearance.
All applicants must be U.S. persons within the meaning of ITAR. ITAR defines a U.S. person as a U.S. Citizen, U.S. Permanent Resident (i.e. ‘Green Card Holder’)