Cybersecurity Information System Security Manager (ISSM) Lvl 3

24 Mar 2024

Vacancy expired!

Job Title: Cybersecurity Information System Security Manager (ISSM) Lvl 3- 3696

Job Location: Colorado Springs, CO.

Job Summary: The Cybersecurity Analyst Level 3 Contractor shall provide contractor support to perform cybersecurity duties in support of classified network objectives. The Contractor shall provide the Government with recommendations and solutions for implementing AF Intelligence Community (IC) cybersecurity programs and projects. The Contractor shall adhere to DAF, DoD and IC standards and those processes further defined by the Government. The Contractor shall provide program reviews, schedules, action item updates and required procedures by established deadlines. The Contractor shall conduct timely and in-depth research for policies and processes. The Contractor shall apply IT security control requirements to address the level of security required to protect the confidentiality, integrity, and availability of system data and resources. Solutions shall be compatible with system or network hardware and software configurations and shall be approved by the configuration managers of the system and network. Recommendations shall include test plans and procedures to ensure the results support the required objectives and capabilities. The Contractor shall make edits to existing Government documents, prepare briefings as required to update the Government on the status of actions and coordinate with all project members to meet the goals and objectives of the assigned task. If required to implement a cybersecurity initiative, the Program Manager (PM) shall complete the Assessments and Authorizations (A&A) documents required to obtain an Authorization to Operate (ATO). This includes management of Information Assurance (IA) activities consistent with Government Risk Management Framework (RMF) guidance, e.g., NIST SP 800-53 Rev4, Joint Special Access Program Implementation Guide (JSIG), and extension of existing government furnished classified networks. Contractor shall manage IA activities for new classified networks.
This includes managing completion of the Security Controls Traceability Matrix, System Security Plans, and other RMF required documentation in support of and continuously after the granting of an Authority to Operate (ATO). The ATO should be maintained to achieve a continuous ATO and ensure the cybersecurity of the system/capability is guaranteed throughout the lifecycle of the system/capability. Contractor shall also maintain support of classified networks through Continuous Monitoring, after ATO is granted.

Essential Duties and Responsibilities (Not listed in order of importance; other duties may be assigned):

  • Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)
  • Perform risk identification and assessment activities supporting the change management activities for the system/enclave. Maintain approval and inventory documentation for Authorizing Official (AO)-authorized hardware and software
  • Obtain required training and maintain applicable cybersecurity workforce certification (DoD 8570.01-M Info Assurance Manager II)
  • ISSM oversees ISSOs under their purview to ensure they follow established Information System(s) (IS) policies and procedures
  • Develop and maintain a formal IS security program for their assigned area of responsibility
  • Develop and oversee operational information systems security implementation policy and guidelines
  • Ensure all available resources that support Cyber Security Service Provider (CSSP) functions (e.g., Vulnerability Remediation, Vulnerability Assessments, Endpoint Protection and detection of Insider Threats) and that provide warnings of system vulnerabilities or ongoing attacks are monitored
  • Ensure periodic testing is conducted to evaluate the security posture of ISs by employing various intrusion/attack detections and monitoring tools (shared responsibility with ISSOs)
  • Ensure approved procedures are used for sanitizing and releasing system components and media
  • Maintain a repository of all security authorizations for ISs under their purview
  • Coordinate IS security inspections, tests, and reviews
  • Ensure proper measures are taken when an IS incident or vulnerability is discovered
  • Ensure data stewardship and responsibilities are established for each IS, and specific requirements (to include accountability, access and special handling requirements) are enforced
  • Ensure development and implementation of an effective IS security education, training, and awareness program
  • Ensure Configuration Management policies and procedures for authorizing the use of hardware/software on an IS are followed, and that any additions, changes or modifications to hardware, software, or firmware are coordinated with the ISSM/ISSO and appropriate AO prior to the addition, change or modification
  • Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
  • Ensure all security-related vulnerabilities are documented in the SAR/POA&M and/or the RAR and ensure serious or unresolved violations are reported to the AO/DAO
  • Assess changes to the system, its environment, and operational needs that could affect the security authorization
  • Work collaboratively with the Mission Business Owner, Information System Owner and ISSE/ISA on the risk assessment process
  • Organizational Knowledge - Awareness of logistics goals, objectives, services, and programs, as well as the individual requirements in order to meet mission requirements
  • Communication Skills - Strong writing, editing, analytical and team facilitation skills. Excellent oral and interpersonal skills
  • Customer Service Ability - Ability to interact with senior Department of Defense and other government officials as well as defense contractors at all levels
  • Analysis Awareness - Be responsive to a wide variety of issues, take into account interrelationships between subject areas and customer requirements and recommend alternatives

    Abilities
  • Ability to organize, prioritize and meet deadlines
  • Capable of conveying complex information in a simplistic manner
  • Strong critical thinking and problem-solving skills
  • Strong self-starter requiring minimal supervision
  • Able to take proactive measures to prevent problems rather than reactive by nature
  • Strong verbal and written communication to effectively express concepts, plans, and proposals

    Education / Certifications
  • Bachelor's degree and/or relevant job experience within the cyber security arena
  • Currently hold certification in good standing to satisfy IAM Level III (CISSP, GSLC, or CISM)

    Skills / Experience Required
  • Minimum of ten (10) years of DoD work experience
  • DAAPM, CNSSI 1253, ICD-503, JSIG, or NIST SP 800 series
  • DoD 8570.01-M: CAP or CASP CE or CISM or CISSP or CSSLP
  • Provide recommendations to senior leadership to help ensure mission success
  • Ability to organize, prioritize and meet deadlines
  • Capable of conveying complex information in a simplistic manner
  • Strong critical thinking and problem-solving skills
  • Strong self-starter requiring no supervision
  • Able to take proactive measures to prevent problems rather than reactive by nature
  • Strong verbal and written communication to effectively express concepts, plans, and proposals

    Security Clearance: Must be a U.S. Citizen. A high-level Department of Defense (DoD) active security clearance may be required. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to government information.

    Physical Requirements: Work may involve sitting or standing for extended periods of time and typing and reading from a computer screen. Must have enough mobility, including bending, reaching, and kneeling, to complete daily duties in a prompt and efficient manner and may include lifting thirty (30) pounds, as necessary.

    Company Summary: Headquartered in Hawaii, Galapagos Federal Systems, LLC is an SBA Certified NHO (Native Hawaiian Organization) 8(a) Small Business specializing in global information technology and offering professional solutions in IT Design & Installation, Cybersecurity Engineering & Support, Application Integration & Development, Software & Hardware Engineering, Network & Systems Management, Information Systems Security, and Business Management Services. Leveraging over 30 years of providing IT services to the federal & commercial market with projects found around the world, our team has innovative expertise in the development of a wide range of technological solutions. Galapagos Federal Systems, LLC is an equal opportunity employer. Our service commitment is simple - "Quality IT Solutions On Time & On Budget."

    Company Employment Statement: Galapagos Federal Systems, LLC reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing as positions, functions, and qualifications may vary depending on business needs. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Galapagos Federal Systems, LLC is an equal opportunity employer and does not discriminate against applicants based on race, color, creed, religion, medical condition, legally protected genetic information, national origin, sex (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity and expression, age, disability, or Vietnam era, or other eligible veteran status or legally protected characteristics.

  • ID: #49531624
  • State: Colorado, Peterson Space Force Base, 80903, USA
  • City: Peterson Space Force Base
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2023-03-24
  • Deadline: 2023-05-22
  • Category: Et cetera