Information System Security Manager (ISSM)

Institute for Defense Analyses
Alexandria, VA
14 Feb 2025

Vacancy expired!

Overview IDA is seeking a knowledgeable Information Systems Security Manager (ISSM). The ISSM is assigned IT Portfolio, mentors the ISSO and ISSA; oversees accreditations and daily operations of all information systems. Works closely with the ISSM Team Lead to implement organizational common controls across the IT Portfolio. Represents IDA with cognizant US Government accrediting agencies and either approves system accreditations or signs off on all accreditation paperwork. Ensures appropriate operational security posture is maintained for local area networks (LAN), wide area networks (WAN) and stand-alone systems. The ISSM monitors these systems and their operational environment and must have the technical knowledge and expertise required to manage the security aspects of these systems. Manages projects and ISSO and/or ISSA for their environment and reports status to the ISSM Team Lead. Must understand requirements for physical and environmental protection of the computer systems, personnel security rules that pertain to systems, incident handling (such as classified spills or malware), and security training and awareness. The ISSM plays an active role in monitoring a system and its environment of operation to include developing and updating the system security plan (SSP), managing and controlling changes to the system, and assessing the security impact of those changes

Responsibilities Serves as the Information Systems Security Manager (ISSM) for IDA classified and unclassified systems under the ISSM Team Lead.
  • Serves as a mentor to the ISSO and Information Systems Security Auditor (ISSA).
  • Manages and coordinates information security monitoring, inspections and incident response.
  • Develops, implements and manages a formal information security / information systems security program.
  • Develops, reviews, signs, maintains and oversees information systems security plans (SSPs) and Assessment and Authorization (A&A) in accordance with DoD mandated polices.
  • Performs audit reviews of systems comprised of multiple operating system using security information and event management (SIEM) products to track multiple events including any signs of inappropriate or unusual activity, intrusion events, data transfers, etc. Reports any findings to the ISSM Team Lead.
  • Performs recurring self-assessments on all systems under their purview to ensure compliance with documented security requirements and to detect any system level vulnerabilities. Prepares a detailed report of the findings and ensures proper protection and / or corrective measures are taken immediately, or develops a Plan of Action and Milestones (POA&M) to document planned actions.
  • Interacts directly with US Government Security Control Assessors (SCAs) during on-site assessments to demonstrate compliance with technical configuration requirements and implementation and enforcement of written security policy.
  • Continuously updates all required system documentation, including the SSP, POA&M, Risk Assessment Report, and system component inventories.
  • Develops procedures for responding to security incidents and investigating and reporting security violations and incidents as appropriate.
Develops, implements and enforces information security policies and procedures.
  • Performs the steps involved in the execution of the Risk Management Framework (RMF), including generation of documentation, controls compliance testing, and continuous monitoring activities for systems.
  • Develops and periodically reviews training materials and standard operating procedures covering all technical and administrative aspects of system operations.
  • Works with IT to perform an initial system assessment to ensure that required security controls are implemented and operating correctly before a system is authorized for production.
  • Works with IT to develop automated processes to assist in maintaining system compliance and documentation updates.
  • Collaborates with IT to oversee an effective change management policy and procedures for authorizing use of hardware / software on an information system. Evaluates proposed changes against Government security requirements and recommends approval or denial based on a security impact analysis.
  • Reviews and ensures implementation of bulletins and advisories that impact the security posture of information systems covered by SSPs.
  • Reviews systems for compliance to Government requirements, and provide recommendations for improvements.
Develops an information systems security, education, training, and awareness program.
  • Clearly communicates to all users including security personnel, IT staff, and managers the proper procedures for protecting classified information and the systems that process that information. Training prior to initial system access and periodically after includes proper system usage, physical security, data transfers, media protection etc.
Performs other duties as assigned.

Qualifications
  • Bachelor's degree in an Information Assurance/ Cybersecurity or similar relevant field or equivalent experience.
  • Minimum six years' experience in a similar systems security manager or officer role
  • Must have the following Information Assurance certifications or security training or obtain the certificates within 6 months of hire:
    • DSS NISPOM Risk Management Framework Courses
    • DOD 8570.01-M certification at IAT level 3, such as CISSP or CISM.
    • Certified Authorization Professional (CAP) through (ISC)2
  • Must understand the technical configurations of Windows Operating Systems in physical and virtual environments, other operating systems including Linux preferred
  • Must have knowledge of NIST security publications.
  • Must have the ability to read and understand event logs from Windows and Linux
  • Knowledge of tools to parse logs, scan operating systems for vulnerabilities and compliance checking preferred, and required within 6 months of hire.
  • Customer service skills, including good interpersonal skills and the ability to communicate effectively with all levels of employees.
  • Must possess an Active Top Secret with SCI Eligibility preferred.
  • Successful completion of a criminal background check is required.
#ITatIDA

U.S. Citizenship is required

Ability to obtain and maintain a security clearance is required

IDA is an equal opportunity employer committed to providing a fair recruiting process and working environment free from discrimination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identify, national origin, disability or protected veteran status. Click here to learn more about IDA's commitment to diversity, equity, and inclusion.
  • ID: #49209403
  • State: Virginia Alexandria 22305 Alexandria USA
  • City: Alexandria
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2023-02-14
  • Deadline: 2023-04-14
  • Category: Et cetera