Information System Security Manager (ISSM)

Remote
Description

HTX is looking for an individual who will be responsible full time for all our infosec needs. This person will live, eat, and breathe security and have a large role in our long-term success. Reporting directly to company leadership, this role is for someone who thrives in a fast-paced mature startup environment and has the desire to grow with us.

Responsibilities
  • This position will be responsible for maintaining our Authority to Operate (ATO) approvals and Cybersecurity Impact Analysis (CIA) development and processing for various systems by adhering to the DoD RMF.
  • This position supports cybersecurity efforts throughout the RMF Steps for one or more assigned programs to include the enforcement of System Security Plans, Plans of Action and Milestones (POA&Ms), assessing and auditing systems security controls.
  • Establish and implement security procedures and practices in support of organizational security and customer requirements.
  • Develop and update Assessment & Authorization (A&A) documentation (Body of Evidence) for management and continuous monitoring of information systems.
  • Using knowledge of the Information System (IS) and understanding of established Information Assurance (IA) and Cybersecurity requirements; validate security policies and procedures outlined in the System Security Plan (SSP), customer policies & regulations, and ensure local policies are followed.
  • Initiate the authorization or re-authorization efforts and process for new or expiring systems and coordinate, schedule, and attend required meetings.
  • Take corrective action to resolve problems identified and ensure systems are operated, maintained, and disposed of in accordance with established policies and procedures.
  • Perform security audits in accordance with (IAW) established procedures. Develop a process for the management, review, and retention of security audit data.
  • Make decisions and implement corrective action as required to resolve audit discrepancies.
  • Author, review, and update IS security-related documentation and submit it to the Enterprise Mission Assurance Support Service (eMASS).
  • As an IA Subject Matter Expert (SME), provide critical thinking to ensure system security requirements are addressed during all phases of the System Development Life Cycle (SDLC).
  • Conduct ongoing security reviews and tests of systems to verify security features and controls are functional and effective. Take corrective action to resolve identified vulnerabilities.
  • Provide security engineering review of proposed changes or additions to the IS (including hardware, software, or connectivity), and advise the Information System Security Manager (ISSM) of the security relevance.
  • Review and assist in remediating Security Technical Implementation Guide (STIG) checklists using STIGViewer or SCAP tools.
  • Create and maintain processes and procedures for use by members of the HTX team.
  • Knowledgeable in National Institute of Standards and Technology (NIST) special publications and processes.
  • Review and provide remediation suggestions for vulnerability scans such as ACAS and Nessus scans.
  • Provide HR with security training recommendations and assist HR with confirming HTX team members are up to date with all necessary security training for day-to-day operations based on their roles and responsibilities.
  • Coordinate with IT team regarding security compliance and protocols.

Skills
  • Experience performing information system risk assessments and working with the Enterprise Mission Assurance Support Service (eMASS).
  • General understanding of computer networks, hardware, databases, applications, security components, computer operations, and operating system maintenance.
  • Understanding of the DoD environment and familiarity with the DoD Acquisition System.
  • Ability to mediate differing perspectives and develop consensus relating to cybersecurity principles and regulations.
  • Ability to build bridges across organizational boundaries and communicate with technical and non-technical leaders across large complex organizations.
  • High integrity, strong work ethic, and capable of building strong, trusting relationships.

Qualifications
  • Experience as an Information System Security Officer (ISSO) and/or Information System Security Manager (ISSM) using the DoD Risk Management Framework (RMF).
  • IAM Level II certification commensurate with DoD 8570.1M requirements.
  • DoD Information Assurance Management (IAM) Level 2 certification required; Cyber Security Service Provider (CSSP) certification preferred.
  • At least 2 years’ experience supporting cybersecurity efforts through the DoD RMF process.
  • CISSP Certification.
  • Educational degree in Cybersecurity, Computer Science, Information Technologies, etc.
  • Experience or knowledge of Cybersecurity, networks, system components, system protocols, commercial hardware and software products, and software development.
  • Experience developing external customer relationships and ability to communicate cybersecurity concepts and requirements with senior leaders.
  • Effective organizational, time management, and communications skills (written and verbal).
  • Pursuant to a government contract, this specific position requires U.S. citizenship.

This is a direct hire position.

We are interested in qualified candidates who are eligible to work in the United States.
We are not able to sponsor visas at this time.
