Information System Security Manager (ISSM)
Job Description
ID | 2024-19340 | Category | Cyber Security | Security Clearance Requirement | Top Secret/ SCI | Type | Regular Full-Time | Level | Senior |
Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted.
SPA's Sea Land Air (SLA) Division supports a diverse portfolio of national security government clients, including the Undersea Enterprise, the Navy Surface Community, the Navy MPTE Enterprise, the Air Force, Army, DoD Agencies, DARPA, international clients including the Canadian Navy and Australian Defence Force. Our primary objective is to provide timely, objective and analytic assessments that integrate the policy, operational, technical, programmatic and acquisition aspects of our clients' challenges.
Leveraging both in-domain and cross-domain expertise to maximize our clients' success, SLA Division acts as trusted agents to senior decision-makers and key leaders and excels at providing data driven analytic insights, systems engineering, strategies and plans that address current and emerging challenges to national security.
SPA's Operations Research and Cyber Analysis (ORCA) Group, based in CA, is seeking an Information System Security Manager (ISSM). This position will develop information system solutions following Risk Management Framework (RMF) with implementations following the JSIG. The ISSM is responsible for leading the design, procurement, configuration, accreditation, deployment, and continuous monitoring of ORCA and customer networks. The ISSM is responsible for attaining and maintaining system assessments and authorizations through government authorizing agencies from requirements through operational deployment. ISSM implements requirements to establish classified communication links including internet, phone, video teleconferencing, and guest systems. The successful candidates coordinate requirements with DoD agencies to ensure mission accomplishment and the protection of sensitive information.
- Manage and mentor personnel.
- Develop and maintain enterprise-wide RMF information security policies, standards, guidelines, procedures, and artifacts following RMF.
- Oversee the development and deployment of the information security program for multiple classified systems to meet business and enterprise requirements, policies, standards, guidelines and procedures.
- Prepare, review, and present technical reports and briefings.
- Create and Maintain the System Security Plans (SSP) and associated documentation.
- Create a book of business for Cybersecurity Team.
- Maintain compliance of accredited information systems based on federal and DoD security standards.
- Manage and performs security compliance continuous monitoring.
- Identify root causes, prioritizes threats and recommends and/or implements corrective action.
- Research and address information security issues as required as an authority on the subject.
- Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices.
- Participate in internal and external security audits and inspections; performs risk assessments.
- Evaluate proposed changes or additions to the information system and assess their security relevance.
- Ensure configuration management (CM) for security-relevant IS software, hardware, and firmware is maintained and documented.
- Conduct investigations of computer security violations and incidents, reporting as necessary.
- Ensure proper protection and / or corrective measures have been taken when an incident or vulnerability has been discovered.
- Communicate, implement, and manage a formal Information Security / Information Systems Security Program together with ISSE, CPSO/CSSO, and ISO.
- Lead the design, procurement, build, accreditation, and deployment of complex networks and systems in coordination with the ISSE and ISAs.
- Manage cyber budgets to include hardware, software, and resources.
- Install, configure, test, maintain, monitor, and troubleshoot end-user workstations and related hardware and software.
- Receive and respond to incoming calls and/or e-mails regarding end-user or system problems.
- Interface with third-party support and equipment vendors as needed.
- Up to 20% travel required
Required Qualifications:
- Bachelors Degree in Information Security, Information Technology, or related discipline, or equivalent experience/combined education, with 10+ years of related professional experience
- Must have and maintain a DoD 8570.01-M (Information Assurance Workforce) IAM level III certification (e.g. GSLC, CISM, CCISO, or CISSP)
- Experience with RMF artifacts, obtaining and maintaining system ATOs, and implementing new and complex technologies at multiple classification levels within large enterprise environmentsExperience performing continuous monitoring and cybersecurity hygiene of a windows domains and network enclaves
- Problem solving and time management capabilities
- Extensive experience working with federal/government agencies in sensitive and classified environments
- Experience with Risk Management Framework (RMF), NIST 800-53, JSIG, and applicable legal and regulatory guidance
- Excellent customer relations and customer support skills
- Experience working in a team-oriented, collaborative environments
- Currently hold an active TS//SCI
- US Citizenship required; successful candidates will be subject to a security investigation and must meet eligibility requirements for access to classified information
Desired Skills:
- At least 3 years experience in the deployment, configuration, and troubleshooting of information technology equipment
- Ability to understand information systems equipment functionality and configurations (switches, routers, IDS, firewalls, servers, storage, etc...)
- Knowledge of virtualized datacenters and VDI
SPA is committed to the principles and practices of equal employment opportunity (EEO) and Affirmative Action. It is, and will continue to be, the policy of the company to afford equal employment opportunities to all qualified individuals. We recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin, age, disability or genetics. In addition to federal law requirements, SPA complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
*Please mention you saw this ad on AsiansInAcademia.*